Unified Threat Management - Support | GTA, Inc.

		                         

                         GB-OS FIREWALL SOFTWARE
                            VERSION 5.4.1
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 5.4.1
Date:       18 January 2011 

-------------------------------------------------------------------------
GB-OS version 5.4.1 includes updated versions of the following GTA
products and utilities:

    GB-OS                       5.4.1

Release notes are located on the installation CD and on GTA's Web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  SYSTEM

3.  NETWORK

4.  SERVICES

5.  THREAT MANAGEMENT

6.  WEB INTERFACE

7.  RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 5.3.x or below, new activation codes must be
        entered. GB-OS version 5.4.1 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement. Other users should contact their local Authorized GTA 
        Channel Partner or email sales@gta.com for information and pricing 
        of upgrade options.

        
    1.2 Upgrade Notes   
        
        1.2.1 Upgrading to GB-OS 5.4
        
              Firewalls must be on GB-OS version 5.2.0 or higher to properly
              upgrade to GB-OS 5.4. See the Upgrade Guide for more information.
              
              
        1.2.2 GB-250 Rev B Upgrade to GB-OS 5.4 
        
              GB-250 Rev B firewalls should be on runtime slice 2 when upgrading
              to version 5.4.

              The firewall's current runtime slice is displayed on the 
              firewall's System>Overview screen. To view the current slice, log 
              into the firewall's web administration interface and navigate to 
              System>Overview. The runtime section will display the firewall's 
              current runtime slice.
              
              Additionaly, some GB-250 Rev B firewalls require a Bios Update 
              before updating to GB-OS 5.4.1. If the Bios version is not v0.99h 
              or higher,the Bios may need to be updated. 
              
              You can check the BIOS by:
          
                 1. Examining the hardware report for the Bios version:
             
                    BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
             
                 2. Connecting on the console interface and rebooting the 
                    firewall. The first line displayed should be BIOS revision. 
                
                    Example: PC Engines ALIX.2 v0.99h
              
               You can check if the firewall is a GB-250 Rev B by the following:
              
                 1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
                    not have USB ports. 
              
                 2. GB-250 Rev B firewall serial numbers are:
                
                    Starting at S/N 65002101 and above 
                    Starting at S/N 65902101 and above

        
        1.2.3 Re-sizing Slices and Runtime Upgrades
              
              In order to support the new features in GB-OS 5.2.x and above, 
              some firewalls may require partition re-sizing during the 
              upgrade process. Upon re-sizing, both runtime slices will have 
              GB-OS 5.4.1, and firewall administrators WILL NOT be able to 
              revert to previous runtimes via the Console or Web interface.
              
              GTA strongly recommends backing up current firewall 
              configurations PRIOR to upgrading.

              Firewalls requiring re-sized partitions will take approximately 
              5-8 minutes to reboot and fully update once the runtime has 
              been applied. DO NOT switch off or reboot the firewall during 
              this process.

        
        1.2.4 Error Messages Upon Initial Reboot
    
              Upon rebooting after successful installation, the GTA
              Firewall UTM Appliance may display errors when accessed
              using the Web interface.  This is expected, these errors are
              generated because the browser's cache is trying to access
              files and locations that no longer apply. Click OK to any
              displayed errors and refresh the browser window to access
              GB-OS 5.4.0. If the error messages persist, clear your
              browser's cache.
              
            
    1.3 SSL Certificate Replacement

        GB-OS version 5.4.1 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  SYSTEM      
            
    2.1 Modifications
    
        2.1.1   Improved system memory allows firewalls to properly process 
                emails.
                GBOS5410018311

        2.1.2   Improved system memory by decreasing and limiting log and error
                message file saves.
                GBOS5410018496
                
        2.1.3   UDP traceroute over VPNs is now supported.
                GBOS5410018056
                
        2.1.4   Spoof logs now display the return interface name.
                GBOS5410011326
                
    2.2 Bug Fixes
        
        2.2.1   Firewall properly handles generated reset packets.
                GBOS5410018421
                
        2.2.2   Log messages are no longer corrupted.
                GBOS5410018306
                
        2.2.3   Flushing active connections with SIP support enabled no longer 
                causes firewall to reboot.
                GBOS5410018601
                
        2.2.4   Policies properly match broadcast packets. 
                GBOS5410018371, GBOS5410018381
                
        2.2.5   Email and back up configurations are properly sent via 
                inbound tunnel.
                GBOS5410018566
                
        2.2.6   Disabling lockout properly flushes the locked out list.
                GBOS5410018686
                
        2.2.7   Defaulting address objects with a large number of logical 
                interfaces is properly handled.
                GBOS5410018551
                
        2.2.8   IP pass through is properly allowed with bridged interfaces.
                GBOS5410017696
    
3.  NETWORK   
                
    3.1 Bug Fixes
    
        3.1.1   Traffic shaping properly functions with high bandwidth usage.
                GBOS5410018506
                
        3.1.2   BGP neighbors properly upgrade.
                GBOS5410018616
                
        3.1.3   Traffic shaping properly functions when using IPSec policies 
                with weight set to 10.
                GBOS5410018511
                
4.  SERVICES 
                
    4.1 Modifications
    
        4.1.1   Added option to configure the policy generation level for 
                Shrew Soft Client users.
                GBOS5410018591
                
        4.1.2   Local group overrides are now supported for IPSec mobile 
                clients using XAUTH.
                GBOS5410018456
                
        4.1.3   Added the ability to enable/disable SIP support.
                GBOS5410018556
                
    4.2 Bug Fixes
    
        4.2.1   DHCP relay no longer attempts to process packets on 
                interfaces without an IP address.
                GBOS5410018296, GBOS5410018301
                
        4.2.2   Surf Sentinel properly maintains licenses on firewalls with
                dual external gateways.
                GBOS5410018481
                
        4.2.3   High Availability firewalls now correctly sends ARP with 
                correct virtual MAC for master and slave.
                GBOS5410018651
                
        4.2.4   GBAuth user is properly unauthorized when firewall disconnects 
                expired client.
                GBOS5410018626
                
        4.2.5   Traditional proxy properly initializes connections with 
                https sites.
                GBOS5410018466
                
        4.2.6   Down VPN notifications are properly sent every 15 minutes.
                GBOS5410016546
                
        4.2.7   Forward slashes are removed from configuration zip file 
                attachments to allow for proper email receipt by helpdesk. 
                GBOS5410018446
                
        4.2.8   PPTP and L2TP properly restart after High Availability state 
                changes.
                GBOS5410018786
        
5.  REPORTS

    5.1 Bug Fixes
    
        5.1.1   Weekly reports fun on the first day of the month are now 
                properly generated.
                GBOS5410018276

        5.1.2   Scheduled reports To and From fields are defaulted with the 
                notify values for sending emails. If the notification 
                From: field is blank, "fw@" notifications default 
                will be used. 
                GBOS5410018261

6.  WEB INTERFACE 
      
    6.1 Modifications

        6.1.1   Improved system configuration verification.
                GBOS5410017726, GBOS5410018006, GBOS5410017601, GBOS5410017616.
                GBOS5410018151, GBOS5410013836
                
        6.1.2   Improved web interface hints.
                GBOS5410017766, GBOS5410007946, GBOS5410007931, GBOS5410018641
                
        6.1.3   Improved display of historical statistics page.
                GBOS5410018071 
                
        6.1.4   Added XML import to remote access preferences to properly 
                import/export LDAP and RADIUS options.
                GBOS5410018396, GBOS5410018341
                
        6.1.5   Network activity ARP table no longer displays disabled 
                interfaces.
                GBOS5410018256
                
        6.1.6   Improved speed when saving network information.
                GBOS5410017701
                
        6.1.7   Added flush button to the Locked Out Monitoring page.
                GBOS5410018661
                
        6.1.8   Improved system notifications.
                GBOS5410018696
                
        6.1.9   Removed ability to configure IPS on security policies for 
                L2TP and PPTP.
                GBOS5410018731
                           
    6.2 Bug Fixes
    
        6.2.1   Improved SSL Browser support for sites that use cookies 
                to login.
                GBOS5410018221
                
        6.2.2   When monitoring network activity, ICMP connections are 
                properly filtered.
                GBOS5410017691
                
        6.2.3   Firewalls with bridged interfaces properly display routes.
                GBOS5410007501
                
        6.2.4   WWWadmin no longer coredumps when saving the Traffic Shaping 
                section.
                GBOS5410018546

                
7.  RELEASE NOTES HISTORY

    7.1   Previous Release Notes
          These notes cover the 5.4.1 release of GB-OS. Release notes for 
          previous versions can be found at GTA's website, http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.