GB-OS FIREWALL SOFTWARE
Author: Global Technology Associates, Inc.
Product: GB-OS version 6.0.1
Date: 12 September 2011
GB-OS version 6.0.1 includes updated versions of the following GTA
products and utilities:
Release notes are located on the installation CD and on GTA's Web site.
For more about upgrading related software, see individual product
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
4. WEB INTERFACE
5. RELEASE NOTES HISTORY
1. INSTALL NOTES
1.1 Entering New Activation Codes
If upgrading from 5.4.x or below, new activation codes must be
entered. GB-OS version 6.0.1 is available at no charge to customers
with a GTA support contract or annual maintenance agreement.
Other users should contact their local Authorized GTA Channel Partner
or email email@example.com for information and pricing of upgrade options.
1.2 Upgrade Notes
1.2.1 Upgrading to GB-OS 6.0.x
Firewalls must be on GB-OS version 5.2.0 or higher to properly
upgrade to GB-OS 6.0.x. See the Upgrade Guide for more information.
1.2.2 GB-250 Rev B Upgrade to GB-OS 6.0.x
GB-250 Rev B firewalls on version GB-OS 5.2.x should be on runtime
slice 2 when upgrading to version 6.0.x.
The firewall's current runtime slice is displayed on the
firewall's System>Overview screen. To view the current slice, log
into the firewall's web administration interface and navigate to
System>Overview. The runtime section will display the firewall's
current runtime slice.
Additionaly, some GB-250 Rev B firewalls require a Bios Update
before updating to GB-OS 6.0.x. If the Bios version is not v0.99h
or higher,the Bios may need to be updated.
You can check the BIOS by:
1. Examining the hardware report for the Bios version:
BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
2. Connecting on the console interface and rebooting the
firewall. The first line displayed should be BIOS revision.
Example: PC Engines ALIX.2 v0.99h
You can check if the firewall is a GB-250 Rev B by the following:
1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
not have USB ports.
2. GB-250 Rev B firewall serial numbers are:
Starting at S/N 65002101 and above
Starting at S/N 65902101 and above
1.2.3 Re-sizing Slices and Runtime Upgrades
In order to support the new features in GB-OS 5.2.x and above,
some firewalls may require partition re-sizing during the
upgrade process. Upon re-sizing, both runtime slices will have
GB-OS 6.0.1, and firewall administrators WILL NOT be able to
revert to previous runtimes via the Console or Web interface.
GTA strongly recommends backing up current firewall
configurations PRIOR to upgrading.
Firewalls requiring re-sized partitions will take approximately
5-8 minutes to reboot and fully update once the runtime has
been applied. DO NOT switch off or reboot the firewall during
1.2.4 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
Firewall UTM Appliance may display errors when accessed
using the Web interface. This is expected, these errors are
generated because the browser's cache is trying to access
files and locations that no longer apply. Click OK to any
displayed errors and refresh the browser window to access
GB-OS 6.0.0. If the error messages persist, clear your
1.2.5 Firewall Control Center No Longer Supported
With the release of GB-OS 6.0, GTA's Firewall Control Center
(FWCC) will no longer be supported and will be removed from the
firewall interface for all products.
1.2.6 IPSec Object Upgrade
When upgrading to GB-OS 5.4.2 and above, all firewalls using
SHA-2, with keys larger than 128, will need to be upgraded.
If unable to upgrade, firewalls must be switched to a compatible
1.3 SSL Certificate Replacement
GB-OS version 6.0.1 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
2.1 Bug Fixes
2.1.1 DHCP information is properly retained upon upgrading from
GB-OS 5.4.x to GB-OS 6.0.x.
2.1.2 Firewall remains operational when using PPTP.
2.1.3 Round robin between range end points properly functions.
2.1.4 Policies are properly passed to reporting as configured.
2.1.5 Firewall no longer has unexpected reboot due to Ident.
2.1.6 Remote Administration zone is properly imported with XML import.
2.1.7 Firewall properly displays correct connections count.
2.1.8 LAGG devices are not mapped to eth.
2.1.9 Log messages are properly sent for invalid packets.
2.1.10 GB-Ware properly runs on older hardware which doesn't have
proper DMA support.
2.1.11 Packets are correctly processed when time to live is exceeded.
2.1.12 Default route is properly saved when set through the console
3.1 Bug Fixes
3.1.1 Site to site VPN properly functions when dynamic IP address is
set for the local gateway.
3.1.2 IPv6 default route no longer removed after reboot with gateway
failover enabled for IPv4 gateways.
3.1.3 Traffic through inbound tunnels using hide source is properly
handled when accessed via NAT VPN.
4.1 New Features
4.1.1 Added LDAP support for IPv6 server addresses.
4.1.2 Added new grey list addresses for AOL.
4.1.3 Added support for TCP DNS proxy requests.
4.1.4 Added cloud support for configuration backup and restore with
Dropbox and Box.net.
4.1.5 Added ability to backup and restore configurations to the
console via USB.
4.2.1 Improved router advertisement support.
4.3 Bug Fixes
4.3.1 IPv6 notifications are properly sent only when applicable.
4.3.2 Traditional proxy properly allows SSL connections.
4.3.3 Mail Sentinel properly displays IP addresses in email headers.
4.3.4 MAPS properly uses correct IP addresses.
4.3.5 Email notifications for alarms properly display IP addresses
and correct port numbers.
4.3.6 IPSec Client properly accepts special characters for password
authentication with X-AUTH.
4.3.7 DNS is used to correctly look up server IP addresses for
4.3.8 DHCP renewal no longer causes static VPN to drop.
4.3.9 Firewalls properly create IPSec objects using SHA-2 with key
sizes greater than 128.
4.3.10 DNS server properly creates auto policy for allowing access
only by protected and PSN zones.
4.3.11 SNMP walk properly returns objects.
4.3.12 DNS proxy properly limits auto polices to only allow protected
4.3.13 Surf Sentinel traditional proxy automatic policies properly
allow connections only from protected interfaces.
4.3.14 High Availability systems properly fetch routing monitoring
4.3.15 Em driver properly functions with LAGG interfaces.
5.1.1 Reports subject and comment sections are only displayed when
5.1.2 GB-Ware enterprise and unrestricted systems now have Top 25
5.2 Bug Fixes
5.2.1 Reports properly display IP addresses according to designated
internet protocol setting.
6. WEB INTERFACE
6.1 New Features
6.1.1 Added ability to backup to, and restore from, a USB device.
6.1.2 Added option to disable remote license checking.
6.1.3 Added synchronize button to web interface to copy live
configurations to test mode.
6.2.1 Improved system configuration verification.
GBOS6010019971, GBOS6010020146, GBOS6010020186, GBOS6010020031,
6.2.3 Backups can now be restored from Ccompressed file types zip,
7zip and bzip2.
6.2.4 Prefix advertisement is disabled if using DHCP or SLAAC.
6.2.5 Firewall properly prompts the user to reboot upon changing the
6.2.6 Updated naming in web interface, changing instances of ICMPv6
to Neighbor Advert and Neighbor Solicit.
6.2.7 Delete button properly removed from RIP configuration screen.
6.2.8 Updated web interface localization.
6.3 Bug Fixes
6.3.1 System information page properly displays correct overview
information according to the IP protocol configuration setting.
6.3.2 Active connections filter properly displays multiple types.
6.3.3 Inbound tunnels user defined IP are properly saved.
6.3.4 User IP is properly displayed for PPTP in the monitoring
6.3.5 LAGG network statistics are properly displayed in the
6.3.6 Set Up Wizard summary properly displays only the default routes
applicable to the defined internet protocol setting.
7. RELEASE NOTES HISTORY
7.1 Previous Release Notes
These notes cover the 6.0.1 release of GB-OS. Release notes for
previous versions can be found at GTA's website, http://www.gta.com.
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817