GB-OS FIREWALL SOFTWARE
VERSION 5.4.1
RELEASE NOTES
Author: Global Technology Associates, Inc.
Product: GB-OS version 5.4.1
Date: 18 January 2011
-------------------------------------------------------------------------
GB-OS version 5.4.1 includes updated versions of the following GTA
products and utilities:
GB-OS 5.4.1
Release notes are located on the installation CD and on GTA's Web site.
For more about upgrading related software, see individual product
release notes.
-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
2. SYSTEM
3. NETWORK
4. SERVICES
5. THREAT MANAGEMENT
6. WEB INTERFACE
7. RELEASE NOTES HISTORY
-------------------------------------------------------------------------
1. INSTALL NOTES
1.1 Entering New Activation Codes
If upgrading from 5.3.x or below, new activation codes must be
entered. GB-OS version 5.4.1 is available at no charge to
customers with a GTA support contract or annual maintenance
agreement. Other users should contact their local Authorized GTA
Channel Partner or email sales@gta.com for information and pricing
of upgrade options.
1.2 Upgrade Notes
1.2.1 Upgrading to GB-OS 5.4
Firewalls must be on GB-OS version 5.2.0 or higher to properly
upgrade to GB-OS 5.4. See the Upgrade Guide for more information.
1.2.2 GB-250 Rev B Upgrade to GB-OS 5.4
GB-250 Rev B firewalls should be on runtime slice 2 when upgrading
to version 5.4.
The firewall's current runtime slice is displayed on the
firewall's System>Overview screen. To view the current slice, log
into the firewall's web administration interface and navigate to
System>Overview. The runtime section will display the firewall's
current runtime slice.
Additionaly, some GB-250 Rev B firewalls require a Bios Update
before updating to GB-OS 5.4.1. If the Bios version is not v0.99h
or higher,the Bios may need to be updated.
You can check the BIOS by:
1. Examining the hardware report for the Bios version:
BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
2. Connecting on the console interface and rebooting the
firewall. The first line displayed should be BIOS revision.
Example: PC Engines ALIX.2 v0.99h
You can check if the firewall is a GB-250 Rev B by the following:
1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
not have USB ports.
2. GB-250 Rev B firewall serial numbers are:
Starting at S/N 65002101 and above
Starting at S/N 65902101 and above
1.2.3 Re-sizing Slices and Runtime Upgrades
In order to support the new features in GB-OS 5.2.x and above,
some firewalls may require partition re-sizing during the
upgrade process. Upon re-sizing, both runtime slices will have
GB-OS 5.4.1, and firewall administrators WILL NOT be able to
revert to previous runtimes via the Console or Web interface.
GTA strongly recommends backing up current firewall
configurations PRIOR to upgrading.
Firewalls requiring re-sized partitions will take approximately
5-8 minutes to reboot and fully update once the runtime has
been applied. DO NOT switch off or reboot the firewall during
this process.
1.2.4 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
Firewall UTM Appliance may display errors when accessed
using the Web interface. This is expected, these errors are
generated because the browser's cache is trying to access
files and locations that no longer apply. Click OK to any
displayed errors and refresh the browser window to access
GB-OS 5.4.0. If the error messages persist, clear your
browser's cache.
1.3 SSL Certificate Replacement
GB-OS version 5.4.1 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
2. SYSTEM
2.1 Modifications
2.1.1 Improved system memory allows firewalls to properly process
emails.
GBOS5410018311
2.1.2 Improved system memory by decreasing and limiting log and error
message file saves.
GBOS5410018496
2.1.3 UDP traceroute over VPNs is now supported.
GBOS5410018056
2.1.4 Spoof logs now display the return interface name.
GBOS5410011326
2.2 Bug Fixes
2.2.1 Firewall properly handles generated reset packets.
GBOS5410018421
2.2.2 Log messages are no longer corrupted.
GBOS5410018306
2.2.3 Flushing active connections with SIP support enabled no longer
causes firewall to reboot.
GBOS5410018601
2.2.4 Policies properly match broadcast packets.
GBOS5410018371, GBOS5410018381
2.2.5 Email and back up configurations are properly sent via
inbound tunnel.
GBOS5410018566
2.2.6 Disabling lockout properly flushes the locked out list.
GBOS5410018686
2.2.7 Defaulting address objects with a large number of logical
interfaces is properly handled.
GBOS5410018551
2.2.8 IP pass through is properly allowed with bridged interfaces.
GBOS5410017696
3. NETWORK
3.1 Bug Fixes
3.1.1 Traffic shaping properly functions with high bandwidth usage.
GBOS5410018506
3.1.2 BGP neighbors properly upgrade.
GBOS5410018616
3.1.3 Traffic shaping properly functions when using IPSec policies
with weight set to 10.
GBOS5410018511
4. SERVICES
4.1 Modifications
4.1.1 Added option to configure the policy generation level for
Shrew Soft Client users.
GBOS5410018591
4.1.2 Local group overrides are now supported for IPSec mobile
clients using XAUTH.
GBOS5410018456
4.1.3 Added the ability to enable/disable SIP support.
GBOS5410018556
4.2 Bug Fixes
4.2.1 DHCP relay no longer attempts to process packets on
interfaces without an IP address.
GBOS5410018296, GBOS5410018301
4.2.2 Surf Sentinel properly maintains licenses on firewalls with
dual external gateways.
GBOS5410018481
4.2.3 High Availability firewalls now correctly sends ARP with
correct virtual MAC for master and slave.
GBOS5410018651
4.2.4 GBAuth user is properly unauthorized when firewall disconnects
expired client.
GBOS5410018626
4.2.5 Traditional proxy properly initializes connections with
https sites.
GBOS5410018466
4.2.6 Down VPN notifications are properly sent every 15 minutes.
GBOS5410016546
4.2.7 Forward slashes are removed from configuration zip file
attachments to allow for proper email receipt by helpdesk.
GBOS5410018446
4.2.8 PPTP and L2TP properly restart after High Availability state
changes.
GBOS5410018786
5. REPORTS
5.1 Bug Fixes
5.1.1 Weekly reports fun on the first day of the month are now
properly generated.
GBOS5410018276
5.1.2 Scheduled reports To and From fields are defaulted with the
notify values for sending emails. If the notification
From: field is blank, "fw@" notifications default
will be used.
GBOS5410018261
6. WEB INTERFACE
6.1 Modifications
6.1.1 Improved system configuration verification.
GBOS5410017726, GBOS5410018006, GBOS5410017601, GBOS5410017616.
GBOS5410018151, GBOS5410013836
6.1.2 Improved web interface hints.
GBOS5410017766, GBOS5410007946, GBOS5410007931, GBOS5410018641
6.1.3 Improved display of historical statistics page.
GBOS5410018071
6.1.4 Added XML import to remote access preferences to properly
import/export LDAP and RADIUS options.
GBOS5410018396, GBOS5410018341
6.1.5 Network activity ARP table no longer displays disabled
interfaces.
GBOS5410018256
6.1.6 Improved speed when saving network information.
GBOS5410017701
6.1.7 Added flush button to the Locked Out Monitoring page.
GBOS5410018661
6.1.8 Improved system notifications.
GBOS5410018696
6.1.9 Removed ability to configure IPS on security policies for
L2TP and PPTP.
GBOS5410018731
6.2 Bug Fixes
6.2.1 Improved SSL Browser support for sites that use cookies
to login.
GBOS5410018221
6.2.2 When monitoring network activity, ICMP connections are
properly filtered.
GBOS5410017691
6.2.3 Firewalls with bridged interfaces properly display routes.
GBOS5410007501
6.2.4 WWWadmin no longer coredumps when saving the Traffic Shaping
section.
GBOS5410018546
7. RELEASE NOTES HISTORY
7.1 Previous Release Notes
These notes cover the 5.4.1 release of GB-OS. Release notes for
previous versions can be found at GTA's website, http://www.gta.com.
-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
|
