Unified Threat Management - Support | GTA, Inc.

		                         

                         GB-OS FIREWALL SOFTWARE
                            VERSION 5.3.2
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 5.3.2
Date:       6 August 2010

-------------------------------------------------------------------------
GB-OS version 5.3.2 includes updated versions of the following GTA
products and utilities:

    GB-OS                       5.3.2

Release notes are located on the installation CD and on GTA's Web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  SYSTEM

3.  NETWORK

4.  SERVICES

5.  WEB INTERFACE

6.  RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 5.2.x or below, new activation codes must be
        entered. GB-OS version 5.3.2 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement. Other users should contact their local Authorized GTA 
        Channel Partner or email sales@gta.com for information and pricing 
        of upgrade options.

        
    1.2 Upgrade Notes   
        
        1.2.1 Upgrading to GB-OS 5.3
        
              Firewalls must be on GB-OS version 5.2.0 or higher to properly
              upgrade to GB-OS 5.3. See the Upgrade Guide for more information.
              
              
        1.2.2 GB-250 Rev B Upgrade to GB-OS 5.3 
        
              GB-250 Rev B firewalls should be on runtime slice 2 when upgrading
              to version 5.3.

              The firewall's current runtime slice is displayed on the 
              firewall's System>Overview screen. To view the current slice, log 
              into the firewall’s web administration interface and navigate to 
              System>Overview. The runtime section will display the firewall's 
              current runtime slice.
              
              Additionaly, some GB-250 Rev B firewalls require a Bios Update 
              before updating to GB-OS 5.3.0. If the Bios version is not v0.99h 
              or higher,the Bios may need to be updated. 
              
              You can check the BIOS by:
          
                 1. Examining the hardware report for the Bios version:
             
                    BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
             
                 2. Connecting on the console interface and rebooting the 
                    firewall. The first line displayed should be BIOS revision. 
                
                    Example: PC Engines ALIX.2 v0.99h
              
               You can check if the firewall is a GB-250 Rev B by the following:
              
                 1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
                    not have USB ports. 
              
                 2. GB-250 Rev B firewall serial numbers are:
                
                    Starting at S/N 65002101 and above 
                    Starting at S/N 65902101 and above

        
        1.2.3 Re-sizing Slices and Runtime Upgrades
              
              In order to support the new features in GB-OS 5.2.x and above, 
              some firewalls may require partition re-sizing during the 
              upgrade process. Upon re-sizing, both runtime slices will have 
              GB-OS 5.3.0, and firewall administrators WILL NOT be able to 
              revert to previous runtimes via the Console or Web interface.
              
              GTA strongly recommends backing up current firewall 
              configurations PRIOR to upgrading.

              Firewalls requiring re-sized partitions will take approximately 
              5-8 minutes to reboot and fully update once the runtime has 
              been applied. DO NOT switch off or reboot the firewall during 
              this process.

        
        1.2.4 Error Messages Upon Initial Reboot
    
              Upon rebooting after successful installation, the GTA
              Firewall UTM Appliance may display errors when accessed
              using the Web interface.  This is expected, these errors are
              generated because the browser's cache is trying to access
              files and locations that no longer apply. Click OK to any
              displayed errors and refresh the browser window to access
              GB-OS 5.3.2. If the error messages persist, clear your
              browser's cache.
              
            
    1.3 SSL Certificate Replacement

        GB-OS version 5.3.2 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.
    
    
    1.4 Mail Sentinel Anti-Virus 
    
        Since the release of GB-OS version 5.1.2, Mail Sentinel Anti-Virus is 
        no longer available as a separate subscription option. Mail Sentinel 
        Anti-Virus is included as a standard feature with valid support 
        contracts.


2.  SYSTEM      
            
    2.1 Modifications
    
        2.1.1   Updated IPS engine.
                GBOS5320016371
               
        2.1.2   Support added for VPNs with encryption objects without 
                authentication.
                GBOS5320016321
                
        2.1.3   Removed POP3 UDP port for 110 and IMAP UDP port for 143 from 
                service group.
                GBOS5320016621, GBOS5320016626
    
    2.2 Bug Fixes 
                
        2.2.1   Maintain read-only for runtime partition.
                GBOS523001631122
               
        2.2.2   When in bridge mode, the fxp driver correctly drops invalid 
                packets.
                GBOS5320016531, GBOS5320015756
               
        2.2.3   Configurations properly downloaded for IPSec Client LDAP or 
                RADIUS users with XAuth + Hybrid authentication.
                GBOS5320016521, GBOS5320016516
               
        2.2.4   MAC addresses are properly assigned for bridged firewalls.
                GBOS5320016476
               
        2.2.5   DHCP rebind only flushes DHCP interface connections.
                GBOS5320016336
               
        2.2.6   Systems properly reboot on upgrade, and on command from the Web
                or Console Interface.
                GBOS5320016356
               
        2.2.7   VPN notifications are correctly no longer sent when firewall is 
                in HA Slave state.
                GBOS5320016576
               
        2.2.8   Firewall remains operational after modifying address objects.
                GBOS5320016961
               
        2.2.9   Firewalls remain operational during High Availability state 
                transitions.
                GBOS5320016431 
                
        2.2.10  Firewall remains operational without unexpected or random 
                lock ups.
                GBOS5320017061
        
3.  NETWORK 
                
    3.1 Modifications
    
        3.1.1   Improved VPN Wizard.
                GBOS5320015396, GBOS5320015371, GBOS5320015361
        
        3.1.2   If duplicate remote networks are found, only the first user's 
                VPN will be configured.
                GBOS5320016296
               
        3.1.3   VPNs with encryption objects set to ANY in GB-OS 5.2.x are 
                mapped to Difiie-Hellman group 2 in GB-OS 5.3.x
                GBOS5320016506
               
        3.1.4   When using Xauth, assign a 32-bit netmask to the IPSec 
                Mobile Client
                GBOS5320016731

    3.3 Bug Fixes
    
        3.2.1   VPN identity is properly imported when using certificates.
                GBOS5320016501
               
        3.2.2   Network interface changes are properly configured when copying 
                test to live mode.
                GBOS5320016586
               
        3.2.3   Outbound mapping properly follows index order when assigning NAT
                address.
                GBOS5320016496
               
        3.2.4   IPSec VPN configuration files properly reload after changes.
                GBOS5320016901
               
        3.2.5   DNS cache is properly maintained for hosts that fail to resolve 
                during VPN configuration.
                GBOS5320016956
                
        3.2.6   High Availability remains operational with VLAN interfaces.
                GBOS5320016071
                
        3.2.7   When in High Availability mode, virtual MAC addresses are 
                properly used with VLAN.
                GBOS532007941
                
4.  SERVICES
    
    4.1 Modifications
    
        5.1.1   Added DHCP Relay support.
                GBOS5320011309
               
        5.1.2   Updated SNMP service.
                GBOS5320016241
                
    4.2 Bug Fixes
    
        4.2.1   DNS server properly handles continuous DNS queries. 
                GBOS5320014781

        4.2.2   DNS sever fully restarts before additional services are 
                initialized. 
                GBOS5320015741
               
        4.2.3   Authenticated users are properly flushed.
                GBOS5320015761
               
        4.2.4   When applying configurations from Test to Live mode, services 
                properly restart after the entire configuration has been applied.
                GBOS5320016596
               
        4.2.5   Outlook Exchange new message function properly behaves through 
                the SSL Sentinel Browser. 
                GBOS5320016706
               
        4.2.6   VLANs are properly merged from Master to Slave with High
                Availability.
                GBOS5320016851
               
        4.2.7   Traditional proxy properly processes post requests. 
                GBOS5320016936
                  
        4.2.8   SSL Sentinel services are properly started only with High 
                Availability master.
                GBOS5320016986, GBOS5320016981
                
        4.2.9   Rejected email recipients are properly logged as 
                "Reject (recipient)".
                GBOS5320017021
                
        4.2.10  NTP server properly logs IP address of peer server.
                GBOS5320017081
                                
5.  WEB INTERFACE 
    
    5.1 Modfications
                
        5.1.1   Improved system configuration verification.
                GBOS5320015521, GBOS5320015291, GBOS5320016656
               
        5.1.2   Verification added requiring bridged interfaces or LAGG 
                interfaces to have the same MTU.
                GBOS5320015421, GBOS5320015196
               
        5.1.3   Improved web interface link navigation. 
                GBOS5320016271
               
        5.1.4   Account Group list view now displays separate SSL Sentinel 
                Browser and Client settings.
                GBOS5320016591
               
        5.1.5   Renamed built-in encryption object, IPSec Mobile Encrypt, 
                to IPSec Mobile Enc.
                GBOS5320016741
                
        5.1.6   Added Port under Service in Monitoring section for network 
                connections.
                GBOS5320017056
                
        5.1.7   Added VLAN ID number to configuration settings and summary 
                reports.
                GBOS5320017051
                
        5.1.8   Improved web interface.
                GBOS5320017136
                
        5.1.9   Improved web interface descriptions for standard VPNs.
                GBOS5320017121
      
    5.2 Bug Fixes

        5.2.1   IPS Policies properly display when configuration section is 
                defaulted.
                GBOS5230016291
               
        5.2.2   Remote Access webpage is properly displayed according to user 
                permissions.
                GBOS5320016316
               
        5.2.3   Edit functions are properly disabled for read-only SSL Sentinel 
                Browser users.
                GBOS5320016426
               
        5.2.4   Flushed and idle connections are properly cleared from the 
                statistics data and graphs.
                GBOS5320015681
        
                
6.  RELEASE NOTES HISTORY

    6.1   Previous Release Notes
          These notes cover the 5.3.2 release of GB-OS. Release notes for 
          previous versions can be found at GTA's website, http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.