GB-OS FIREWALL SOFTWARE
Author: Global Technology Associates, Inc.
Product: GB-OS version 6.0.4
Date: 4 June 2012
GB-OS version 6.0.4 includes updated versions of the following GTA
products and utilities:
Release notes are located on the installation CD and on GTA's Web site.
For more about upgrading related software, see individual product
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
5. WEB INTERFACE
7. RELEASE NOTES HISTORY
1. INSTALL NOTES
1.1 Entering New Activation Codes
If upgrading from 5.4.x or below, new activation codes must be
entered. GB-OS version 6.0.4 is available at no charge to customers
with a GTA support contract or annual maintenance agreement.
Other users should contact their local Authorized GTA Channel Partner
or email email@example.com for information and pricing of upgrade options.
1.2 Upgrade Notes
1.2.1 Upgrading to GB-OS 6.0.x
Firewalls must be on GB-OS version 5.2.0 or higher to properly
upgrade to GB-OS 6.0.x. See the Upgrade Guide for more information.
1.2.2 GB-250 Rev B Upgrade to GB-OS 6.0.x
GB-250 Rev B firewalls on version GB-OS 5.2.x should be on runtime
slice 2 when upgrading to version 6.0.x.
The firewall's current runtime slice is displayed on the
firewall's System>Overview screen. To view the current slice, log
into the firewall's web administration interface and navigate to
System>Overview. The runtime section will display the firewall's
current runtime slice.
Additionaly, some GB-250 Rev B firewalls require a Bios Update
before updating to GB-OS 6.0.x. If the Bios version is not v0.99h
or higher,the Bios may need to be updated.
You can check the BIOS by:
1. Examining the hardware report for the Bios version:
BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
2. Connecting on the console interface and rebooting the
firewall. The first line displayed should be BIOS revision.
Example: PC Engines ALIX.2 v0.99h
You can check if the firewall is a GB-250 Rev B by the following:
1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
not have USB ports.
2. GB-250 Rev B firewall serial numbers are:
Starting at S/N 65002101 and above
Starting at S/N 65902101 and above
1.2.3 Re-sizing Slices and Runtime Upgrades
In order to support the new features in GB-OS 5.2.x and above,
some firewalls may require partition re-sizing during the
upgrade process. Upon re-sizing, both runtime slices will have
GB-OS 6.0.4, and firewall administrators WILL NOT be able to
revert to previous runtimes via the Console or Web interface.
GTA strongly recommends backing up current firewall
configurations PRIOR to upgrading.
Firewalls requiring re-sized partitions will take approximately
5-8 minutes to reboot and fully update once the runtime has
been applied. DO NOT switch off or reboot the firewall during
1.2.4 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
Firewall UTM Appliance may display errors when accessed
using the Web interface. This is expected, these errors are
generated because the browser's cache is trying to access
files and locations that no longer apply. Click OK to any
displayed errors and refresh the browser window to access
GB-OS 6.0.4. If the error messages persist, clear your
1.2.5 Firewall Control Center No Longer Supported
With the release of GB-OS 6.0, GTA's Firewall Control Center
(FWCC) will no longer be supported and will be removed from the
firewall interface for all products.
1.2.6 IPSec Object Upgrade
When upgrading to GB-OS 5.4.2 and above, all firewalls using
SHA-2, with keys larger than 128, will need to be upgraded.
If unable to upgrade, firewalls must be switched to a compatible
1.3 SSL Certificate Replacement
GB-OS version 6.0.4 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
2.1 Bug Fixes
2.1.1 TFTP server is properly exported in XML configuration.
2.1.2 Configuration settings are properly maintained when importing
XML configuration files.
2.1.3 Firewalls properly function with PPP and Link Aggregation.
2.1.4 Saving the configuration via the Console or Web Interface
properly auto-logs out the console to maintain proper
configuration sync between the two interfaces.
2.1.5 Time group policies properly process end of time segment.
2.1.6 Security policies properly drop deny options after being
changed to accept.
2.1.7 Old default route is removed if new default route is
2.1.8 IPS properly functions with networking between bridged and
2.1.9 Packets are now correctly routed for bridged connections.
2.1.10 IPv4 and IPv6 ident policies are properly generated.
2.1.11 SLAAC and DHCPv6 are properly displayed with VLAN interfaces.
2.1.12 Local L2TP packets are properly handled with traffic shaping
2.1.13 PPTP tunnels using hide source or double NAT properly function.
3.1.1 Traffic shaping limit maximum set to 5GB.
3.1.2 Improved certificate validation.
3.1.3 Improved NTFS support for USB devices.
3.1.4 Upgraded Anti-Spam processing.
3.1.5 Reporting intermediate files on RAM disk is maintained.
3.2 Bug Fixes
3.2.1 DCHP relay properly restarts when saving the network settings
3.2.2 Certificates are properly validated when making SSL connections
that require validation.
3.2.3 Files are properly uploaded using the SSL Browser via Safari.
3.2.4 Basic Setup Wizard properly sets the domain for the DCHP server
3.2.5 VPN site to site tunnels properly allow multiple local networks
to connect to the same remote network.
3.2.6 Disabling DHCP in IPv4 & IPv6 mode is properly honored.
3.2.7 Cloud backup properly functions with Box.net.
3.2.8 Automatic policy is properly created for TCP connections to
3.2.9 Improved log messages for PPTP and L2TP.
3.2.10 High Availability properly sends master advertisement for
systems with a large number of aliases.
3.2.11 Surf Sentinel properly recognizes and marks the rating server
as down, if it is unreachable.
3.2.12 Console interface properly displays SSL and None as remote
administration encryption options.
3.2.13 SNMP traps are properly not initialized if SNMP notifications
3.2.14 LDAP anonymous authentication method properly functions.
3.2.15 SSL Client properly restarts when changes to the users section h
ave been saved.
3.2.16 Dynamic DNS properly functions.
3.2.17 High Availability, when installed on two separate GB-Ware VMWare
systems, will properly honor system priority for master and
slave. If High Availability priority is the same, the first
firewall in master state will remain master.
3.2.18 DHCPv4 and DHCPv6 properly function simultaneously on the same
3.2.19 Dynamic DNS is properly restarted after address changes.
4.1 Bug Fixes
4.1.1 IPSec Set Up Wizard properly uses a pre-shared secret for
firewall to firewall VPNs.
5. WEB INTERFACE
5.1.1 Improved system configuration verification.
GBOS6040022106, GBOS6040022346, GBOS6040022831, GBOS6040022836,
5.1.2 Improved Basic Setup Wizard design layout.
5.1.3 Improved configuration hints in Basic Setup Wizard.
5.1.4 Improved system summary report.
5.1.5 Country list is now sorted by name on the Contact Information
page and in the Basic Setup Wizard.
5.1.6 Removed invalid Delete icon from the IPS policies section.
5.1.7 Improved processing speed for the Basic Setup Wizard.
5.1.8 Basic Setup Wizard preserves network information, if present,
for the first three interfaces.
5.2 Bug Fixes
5.2.1 Basic Setup Wizard no longer displays un-configured PPP
5.2.2 Address objects are properly defaulted when running the Basic
5.2.3 UTC is no longer displayed as "null" in the web interface.
5.2.4 Cloud backup is properly disabled when a valid support contract
is not found.
5.2.5 Mail Sentinel summary only displays quarantine if enabled.
5.2.6 Files are properly uploaded using the SSL Browser.
5.2.7 The host list is properly updated and sorted on the system
5.2.8 VLAN and HA options are properly disabled if NIC is set to PPP.
5.2.9 Network settings summary properly displays SLAAC option for
IPv6 when appropriate.
5.2.10 PPP interface configuration options are properly displayed.
5.2.11 Basic Setup Wizard properly sets the automatic policy for the
DHCP Server, when enabled.
5.2.12 Basic Setup Wizard properly enables Router Advertisement if both
DHCP Server and IPv6 are enabled.
5.2.13 Basic Setup Wizard properly generates certificates after
NTP service has started.
5.2.14 Configuration backup properly hides or displays the password
row as configured.
5.2.15 PPPoE and PPTP addresses are properly displayed in the
5.2.16 GB-250 Rev B firewalls properly display the comport option.
6.1.1 Improved system reports.
7. RELEASE NOTES HISTORY
7.1 Previous Release Notes
These notes cover the 6.0.4 release of GB-OS. Release notes for
previous versions can be found at GTA's website, http://www.gta.com.
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817