GB-OS FIREWALL SOFTWARE
VERSION 5.3.4
RELEASE NOTES
Author: Global Technology Associates, Inc.
Product: GB-OS version 5.3.4
Date: 18 January 2011
-------------------------------------------------------------------------
GB-OS version 5.3.4 includes updated versions of the following GTA
products and utilities:
GB-OS 5.3.4
Release notes are located on the installation CD and on GTA's Web site.
For more about upgrading related software, see individual product
release notes.
-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
2. SYSTEM
3. NETWORK
4. SERVICES
5. WEB INTERFACE
6. RELEASE NOTES HISTORY
-------------------------------------------------------------------------
1. INSTALL NOTES
1.1 Entering New Activation Codes
If upgrading from 5.2.x or below, new activation codes must be
entered. GB-OS version 5.3.4 is available at no charge to
customers with a GTA support contract or annual maintenance
agreement. Other users should contact their local Authorized GTA
Channel Partner or email sales@gta.com for information and pricing
of upgrade options.
1.2 Upgrade Notes
1.2.1 Upgrading to GB-OS 5.3
Firewalls must be on GB-OS version 5.2.0 or higher to properly
upgrade to GB-OS 5.3. See the Upgrade Guide for more information.
1.2.2 GB-250 Rev B Upgrade to GB-OS 5.3
GB-250 Rev B firewalls should be on runtime slice 2 when upgrading
to version 5.3.
The firewall's current runtime slice is displayed on the
firewall's System>Overview screen. To view the current slice, log
into the firewall's web administration interface and navigate to
System>Overview. The runtime section will display the firewall's
current runtime slice.
Additionaly, some GB-250 Rev B firewalls require a Bios Update
before updating to GB-OS 5.3.4. If the Bios version is not v0.99h
or higher,the Bios may need to be updated.
You can check the BIOS by:
1. Examining the hardware report for the Bios version:
BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
2. Connecting on the console interface and rebooting the
firewall. The first line displayed should be BIOS revision.
Example: PC Engines ALIX.2 v0.99h
You can check if the firewall is a GB-250 Rev B by the following:
1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
not have USB ports.
2. GB-250 Rev B firewall serial numbers are:
Starting at S/N 65002101 and above
Starting at S/N 65902101 and above
1.2.3 Re-sizing Slices and Runtime Upgrades
In order to support the new features in GB-OS 5.2.x and above,
some firewalls may require partition re-sizing during the
upgrade process. Upon re-sizing, both runtime slices will have
GB-OS 5.3.4, and firewall administrators WILL NOT be able to
revert to previous runtimes via the Console or Web interface.
GTA strongly recommends backing up current firewall
configurations PRIOR to upgrading.
Firewalls requiring re-sized partitions will take approximately
5-8 minutes to reboot and fully update once the runtime has
been applied. DO NOT switch off or reboot the firewall during
this process.
1.2.4 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
Firewall UTM Appliance may display errors when accessed
using the Web interface. This is expected, these errors are
generated because the browser's cache is trying to access
files and locations that no longer apply. Click OK to any
displayed errors and refresh the browser window to access
GB-OS 5.3.4. If the error messages persist, clear your
browser's cache.
1.3 SSL Certificate Replacement
GB-OS version 5.3.4 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
2. SYSTEM
2.1 Modifications
2.1.2 UDP traceroute over VPNs is now supported.
GBSO5340018771
2.1.3 Spoof logs now display the return interface name.
GBOS5340018781
2.2 Bug Fixes
2.2.1 Policies properly match broadcast packets.
GBOS5340018376
2.2.2 Email and back up configurations are properly sent via inbound
tunnel.
GBOS5340016996
2.2.3 Defaulting address objects with a large number of logical
interfaces is now properly handled.
GBOS5340018576
2.2.4 Firewall properly maintains connection when windows trace routes
are performed.
GBOS5340018391
2.2.5 Flushing active connections with SIP support enabled no longer
causes firewall to reboot.
GBOS5340018611
2.2.6 IP pass through is properly allowed with bridged interfaces.
GBOS5340018741
2.2.7 Firewall remains operational when local network connects to
remote servers with and without IPS enabled.
GBOS5340007771, GBOS5340011566
3. NETWORK
3.1 Bug Fixes
3.1.1 Traffic shaping properly functions with high bandwidth usage.
GBOS5340018501
4. SERVICES
4.1 Modifications
4.1.1 Added option to configure the policy generation level for
Shrew Soft Client users.
GBOS5340018596
4.1.2 Local group overrides are now supported for IPSec mobile clients
using XAUTH.
GBOS5340018461
4.1.3 Added system log messages.
GBOS5340015461
4.1.4 Added the ability to enable/disable SIP support.
GBOS5340018561
4.2 Bug Fixes
4.2.1 High Availability firewalls now correctly sends ARP with correct
virtual MAC for master and slave.
GBOS5340018606
4.2.2 GBAuth user is properly unauthorized when firewall disconnects
expired client.
GBOS5340018631
4.2.3 DNS properly starts before NTP service.
GBOS5340016801
4.2.4 IPS purge disk properly flushes downloaded files.
GBOS5340016381
5. WEB INTERFACE
5.1 Modfications
5.1.1 Improved web interface hints.
GBOS5340018366, GBOS5340018646
5.1.2 Improved system configuration verification.
GBOS5340016146, GBOS5340014481, GBOS5340012921, GBOS5340018721
5.1.3 Added flush button to the Locked Out Monitoring page.
GBOS5340018666
5.1.4 Added XML import to remote access preferences to properly
import/export LDAP and RADIUS options.
GBOS5340018346, GBOS5340018406
5.1.5 Improved speed when saving network information.
GBOS5340018386
5.1.6 Network activity ARP table no longer displays disabled
interfaces.
GBOS5340018356
5.1.7 Modified WWW Admin encryption level choices to none or
SSL (high).
GBOS5340017011, GBOS5340003127
5.2 Bug Fixes
5.2.1 WWWadmin no longer coredumps when saving the Traffic Shaping
section.
GBOS5340018541
5.2.2 Importing PKCS12 certificate file no longer results in
duplicated certificates.
GBOS5340017271
6. RELEASE NOTES HISTORY
6.1 Previous Release Notes
These notes cover the 5.3.4 release of GB-OS. Release notes for
previous versions can be found at GTA's website, http://www.gta.com.
-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
|
