Unified Threat Management - Support | GTA, Inc.

		                         

                         GB-OS FIREWALL SOFTWARE
                            VERSION 6.1.0
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 6.1.0
Date:       12 December 2012 

-------------------------------------------------------------------------
GB-OS version 6.1.0 includes updated versions of the following GTA
products and utilities:

    GB-OS                       6.1.0

Release notes are located on the installation CD and on GTA's Web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  SYSTEM

3.	SERVICES

4.  REPORTS

5.  WEB INTERFACE

6.  CONSOLE

7.  RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 6.0.x or below, new activation codes must be
        entered. GB-OS version 6.1.0 is available at no charge to customers 
        with a GTA support contract or annual maintenance agreement. 
        Other users should contact their local Authorized GTA Channel Partner 
        or email sales@gta.com for information and pricing of upgrade options.

        
    1.2 Upgrade Notes   
        
        1.2.1 Upgrading to GB-OS 6.1.x
        
              Firewalls must be on GB-OS version 6.0.x or higher to properly
              upgrade to GB-OS 6.1.x. See the Upgrade Guide for more information.
              
              
        1.2.2 GB-250 Rev B Upgrade to GB-OS 6.1.x
        
              GB-250 Rev B firewalls on version GB-OS 5.2.x should be on runtime
              slice 2 when upgrading to version 6.1.x. 

              The firewall's current runtime slice is displayed on the 
              firewall's System>Overview screen. To view the current slice, log 
              into the firewall's web administration interface and navigate to 
              System>Overview. The runtime section will display the firewall's 
              current runtime slice.
              
              Additionaly, some GB-250 Rev B firewalls require a Bios Update 
              before updating to GB-OS 6.1.x. If the Bios version is not v0.99h 
              or higher,the Bios may need to be updated. 
              
              You can check the BIOS by:
          
                 1. Examining the hardware report for the Bios version:
             
                    BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
             
                 2. Connecting on the console interface and rebooting the 
                    firewall. The first line displayed should be BIOS revision. 
                
                    Example: PC Engines ALIX.2 v0.99h
                    
              GB-250 Rev A firewalls are NOT supported in GB-OS 6.1.0 and above.
              Determine GB-250 Rev A or Rev B by the following:
              
                 1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
                    not have USB ports. 
              
                 2. GB-250 Rev B firewall serial numbers are:
                    Starting at S/N 65002101 and above 
                    Starting at S/N 65902101 and above

        
        1.2.3 Re-sizing Slices and Runtime Upgrades
              
              In order to support the new features in GB-OS 5.2.x and above, 
              some firewalls may require partition re-sizing during the 
              upgrade process. Upon re-sizing, both runtime slices will have 
              GB-OS 6.1.0, and firewall administrators WILL NOT be able to 
              revert to previous runtimes via the Console or Web interface.
              
              GTA strongly recommends backing up current firewall 
              configurations PRIOR to upgrading.

              Firewalls requiring re-sized partitions will take approximately 
              5-8 minutes to reboot and fully update once the runtime has 
              been applied. DO NOT switch off or reboot the firewall during 
              this process.

        
        1.2.4 Error Messages Upon Initial Reboot
    
              Upon rebooting after successful installation, the GTA
              Firewall UTM Appliance may display errors when accessed
              using the Web interface.  This is expected, these errors are
              generated because the browser's cache is trying to access
              files and locations that no longer apply. Click OK to any
              displayed errors and refresh the browser window to access
              GB-OS 6.1.0. If the error messages persist, clear your
              browser's cache.                         
              
              
        1.2.5 IPSec Object Upgrade 
        
              When upgrading to GB-OS 5.4.2 and above, all firewalls using 
              SHA-2, with keys larger than 128, will need to be upgraded. 
              If unable to upgrade, firewalls must be switched to a compatible 
              algorithm
               
               
    1.3 SSL Certificate Replacement

        GB-OS version 6.1.0 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  SYSTEM                       
    
    2.1 New Features 
    
        2.1.1   GB-250 Revision A firewalls are not supported in GB-OS version 
                6.1.0 and above. To determine if your GB-250 firewall is Rev A 
                or Rev B: GB-250 Rev A firewalls do not have USB ports, while 
                GB-250 Rev B firewalls do have USB ports. GB-250 Rev B serial 
                numbers are 65002101 and above, and 65902101 and above.
                GBOS6100020461  
                
        2.1.2   Added ability to use objects that hold domain or host names. 
                GBOS6100004015
                
        2.1.3   Added the ability to specify the destination network for 
                IP Pass Through.
                GBOS6100002144
                
        2.1.4   Added support for mounting USB devices using GPT partitions.
                GBOS6100023036

        2.1.5   Added country code white list object. 
                GBOS6100022976
                
        2.1.6   Added built-in service objects MSNP, RTMP and XMPP.
                GBOS6100024061
                
        2.1.7   Added ability to limit static mapping based upon destination 
                address.
                GBOS6100018206

    2.2 Modifications      
        
        2.2.1   Log messages showing duration now include microseconds.
                GBOS6100021846
                
        2.2.2   Configuration backups via email now display an editable 
                From field.
                GBOS6100021531
                
        2.2.3   FTP/CIFS logins only allow virtual keyboard logins if the 
                virtual keyboard is set to Required. 
                GBOS6100016651
                
        2.2.4   Updated system log messages.
                GBOS6100023491, GBOS6100024111, GBOS6100024736
                
        2.2.5   Active connections now track total packets sent and received 
                for persistent connections. 
                GBOS6100023976
                
        2.2.6   Updated drivers for GB-Ware. 
                GBOS6100020276, GBOS6100019626, GBOS6100018871
                
    2.3 Bug Fixes
        
        2.3.1   Stealth mode blocks properly include the ICMP service.
                GBOS6100021916
                
        2.3.2   Configuration settings are properly maintained when importing 
                XML configuration files.
                GBOS6100022006
                
        2.3.3   Time group policies properly process end of time segment. 
                GBOS6100022506
                
        2.3.4   Security policies properly drop deny options after being 
                changed to accept.
                GBOS6100022606
                
        2.3.5   Address objects are properly maintained upon upgrading.
                GBOS6100023416
                
        2.3.6   GB-820 no longer encounters connection speed issues. 
                GBOS6100018906
                
        2.3.7   Firewall properly handles large numbers of IPSec VPNs. 
                GBOS6100022096
                
        2.3.8   VPN keep alive is correctly disabled when site-to-site VPN is 
                disabled, properly releasing host licenses.
                GBOS6100021811
                
        2.3.9   Serial PPP interface settings are properly saved. 
                GBOS6100024806
                
        2.3.10  MTU is properly set for PPPoE connections.
                GBOS6100024911
                
        2.3.11  Time based policies properly deny active connections as 
                configured.
                GBOS6100024756
                
        2.3.12  Notification email address properly passes XML validation.
                GBOS6100025246
        
3.  SERVICES 
        
    3.1 New Features
        
        3.1.1   Added support for exporting and importing certificates and CRLs 
                in PKCS#7 format.
                GBOS6100021296
                
        3.1.2   Added support to use CRLs with IPSec tunnels and the SSL Client.
                GBOS6100022241
                
        3.1.3   Added option to configure BGP neighbor weight.
                GBOS6100020846
                
        3.1.4   Added ability to set maximum failure value for gateway policies. 
                GBOS6100023056
                
        3.1.5   Added the ability to configure SPF and TXT records for the 
                domain, and TXT records for hosts. 
                GBOS6100020581
                
        3.1.6   Added support for dynamic DNS service providers easyDNS 
                and No-IP.
                GBOS6100023556
                
        3.1.7   Added support for ESMTP EHLO and SIZE commands.
                GBOS6100023991, GBOS6100024021
                
        3.1.8   Added support to Mail Proxy for DNS white list.
                GBOS6100007746, GBOS6100004113
                
        3.1.9   DCHPv6 client now supports multiple interfaces.
                GBOS6100024926
                
    3.2 Modifications            
                
        3.2.1   Security policies for remote access services are defaulted 
                based upon network settings.
                GBOS6100022466, GBOS6100021306, GBOS6100021311
                
        3.2.2   Traffic shaping limit maximum set to 5GB.
                GBOS6100021596
                
        3.2.3   Improved certificate validation. 
                GBOS6100022491
                
        3.2.4   Improved NTFS support for USB devices.
                GBOS6100022331
                
        3.2.5   Multiple destination addresses are now allowed for emailed 
                backups.
                GBOS6100022536
                
        3.2.6   Upgraded Anti-Spam processing.
                GBOS6100022716, GBOS6100022856
                
        3.2.7   Updated IPS engine.                                                    
                GBOS6100023566
                
        3.2.8   Updated SSL log messages.
                GBOS6100023496
                
        3.2.9   High Availability slave IP, administrative ID and password 
                are now stored in the web interface. 
                GBOS6100023906
                
        3.2.10  High Availability Update Slave section changed to 
                Update HA Group.
                GBOS6100023911
                
        3.2.11  Alarm notification emails now contain policy type. 
                GBOS6100021196
                
        3.2.12  Email sent from the firewall uses EHLO first by default, 
                followed by HELO. 
                GBOS6100024041
                
        3.2.13  Increased GB-Ware Virtual Machine VRID support to a 
                maximum of 4079.
                GBOS6100024156
                
        3.2.14  IPS proxy settings now contain the option to set IPS as 
                default or subscription on the Threat Management, IPS Proxy 
                configuration screen. IPS Wizard sets the proxy as subscription. 
                GBOS6100024501
                
        3.2.15  High Availability now uses configured remote administration 
                port for slave group updates.
                GBOS6100018411, GBOS6100024671 
                
        3.2.16  IPv4 and IPv6 addresses are coalesced into separate 
                alarm emails.
                GBOS6100024381
                
        3.2.17  Updated content filtering with new content categories. 
                GBOS6100024946
                
        3.2.18  GBAuth is now included on the remote access portal.
                GBOS6100025301
                
        3.2.19  Peer IP address added to email proxy reject messages.
                GBOS6100024621
    
    3.3 Bug Fixes
    
        3.3.1   Basic Setup Wizard properly sets the domain for the DCHP server 
                when enabled. 
                GBOS6100022161
                
        3.3.2   Certificates are properly validated when making SSL connections 
                that require validation. 
                GBOS6100022186
                
        3.3.3   DCHP relay properly restarts when saving the network settings 
                section.
                GBOS6100022076
                
        3.3.4   Log messages for VPN blocks are properly reported.
                GBOS6100022911
                
        3.3.5   Password character length for the High Availability update 
                slave field properly matches administrative password length.
                GBOS6100023326
                
        3.3.6   IPS alarms are properly generated as configured. 
                GBOS6100018526
                
        3.3.7   RTSP protocols properly function. 
                GBOS6100024036
                
        3.3.8   IPS alarm notification emails display proper source, 
                destination, policy ID and time stamp.
                GBOS6100024126, GBOS6100024266

        3.3.9   High Availability properly prevents administrators from double 
                updating the slave. 
                GBOS6100024056
                
        3.3.10  IPv6 DHCP relay and VLAN properly function if both IPv6 and 
                IPv4 interfaces are configured.
                GBOS6100024721, GBOS6100024731, GBOS6100024726

4.  REPORTS

    4.1 New Features
    
        4.1.1   Added report types to the firewall reporting section.
                GBOS6100021746, GBOS6100021716, GBOS6100018856
                
        4.1.2   GB-2500 and GB-Ware Enterprise systems now report Top 100. 
                GB-2100 and GB-Ware Unrestricted now report Top 50. 
                GBOS6100023676
                
        4.1.3   Added ability to disable logging and reporting for Content 
                Filtering Proxy.
                GBOS6100023541
                
        4.1.4   Added Mail Proxy reports.
                GBOS6100017366

        4.1.5   Added ability to disable logging and reporting for Mail Proxy.
                GBOS6100022886, GBOS6100002787
                
        4.1.6   Added ability to save reporting data to USB. 
                GBOS6100023866

    4.2 Modifications 
    
        4.2.1   Improved system reports. 
                GBOS6100021276, GBOS6100021536, GBOS6100021856, GBOS6100018851,
                GBOS6100020731, GBOS6100021931, GBOS6100025131
                
        4.2.2   Added SSL Licenses information to the SSL Report.
                GBOS6100016511

        4.2.3   Improved system reports to display inbound and outbound traffic 
                by source and destination, as well as total bytes sent and 
                response bytes.
                GBOS6100021891, GBOS6100021896
                
        4.2.4   Improved Network Traffic report with connections moved above 
                packets denied.
                GBOS6100021806
                
        4.2.5   Added country IP support for reports.
                GBOS6100021661
                
        4.2.6   Improved reports to display connection limiting blocks in the 
                proper direction.
                GBOS6100021961
        
    4.3 Bug Fixes
    
        4.3.1   Spoof blocks are properly displayed in reports.
                GBOS6100021936
                
        4.3.2   Stealth blocks properly appear in the Network Denied report, 
                if configured.
                GBOS6100021911
                
        4.3.3   Outbound connections are properly reported. 
                GBOS6100022371
                
        4.3.4   Invalid packet blocks properly display in reports.
                GBOS6100021941
                
        4.3.5   Reports properly display network traffic connections. 
                GBOS6100023431
                
        4.3.6   IPv6 active connections are properly reported.
                GBOS6100024421
                
        4.3.7   Fragment packets are properly displayed in reports.
                GBOS6100021926
                
        4.3.8   Report graphs properly display statistical information.
                GBOS6100025451

5.  WEB INTERFACE 

    5.1 New Features
    
        5.1.1   Added graphs for Web Content Filtering statistics. 
                GBOS6100017351
                
        5.1.2   Added option to block IP addresses according to country code.
                GBOS6100021666
                
        5.1.3   Added country identification flags throughout web interface.
                GBOS6100021656
                
        5.1.4   Added enabled/disabled icons for country blocking.
                GBOS6100021781
                
        5.1.5   Improvements made to the security policies monitoring section
                to display a counter for the number of allowed/denied country 
                blocks, as well as the ability to flush all counters.
                GBOS6100021786
                
        5.1.6   Improved system overview to display enabled automatic backups. 
                GBOS6100020716
                
        5.1.7   Added ability to revoke certificates issued by the local CA.
                GBOS6100022246
                
        5.1.8   Added packet capture page to the Monitoring section. Packet 
                captures can also be attached to the configuration report.
                GBOS6100010036, GBOS6100023361
                
        5.1.9   Added performance optimization options for IPS Proxy.
                GBOS6100023576
                
        5.1.10  Added info icon, for DDNS service providers, to the web
                interface. 
                GBOS6100023561
                
        5.1.11  Added option to directly download backup configurations from 
                USB or cloud device.
                GBOS6100020661
                
        5.1.12  Added ability to download specific user policies for Mobile 
                IPsec in the Accounts>Users section.
                GBOS61000119641
                
        5.1.13  Added ability to enable automatic country IP database updates.
                GBOS6100024456
                
        5.1.14  Added ability to download client configuration via the 
                VPN Mobile Client Wizard.
                GBOS6100019916
                
        5.1.15  Added ability to purge country IP databases via the web 
                interface.
                GBOS6100024626
                
        5.1.16  Added ability to enable the gateway via checkbox for IPv6 
                interfaces.
                GBOS6100024981

    
    5.2 Modifications 
    
        5.2.1   Improved system configuration verification.
                GBOS6100003838, GBOS6100022216, GBOS6100023701, GBOS6100023721,
                GBOS6100023901, GBOS6100023896, GBOS6100024001, GBOS6100024486, 
                GBOS6100024461, GBOS6100023916, GBOS6100024866, GBOS6100025011, 
                GBOS6100024711
                                       
        5.2.2   Improved Basic Setup Wizard design layout.
                GBOS6100022261
                
        5.2.3   Modified web interface navigation menu.
                GBOS6100021771 
                
        5.2.4   Country list is now sorted by name on the Contact Information 
                page.
                GBOS6100021731
                
        5.2.5   Removed invalid Delete icon from the IPS policies section. 
                GBOS6100022051
                
        5.2.6   When importing configurations, the preserve activation codes
                option is now enabled by default.
                GBOS6100020016
                
        5.2.7   Removed MTU range display in the web interface for gigabit 
                interfaces. 
                GBOS6100022086
                
        5.2.8   Modified web interface, moving the add/delete buttons to the 
                left side of row lists. 
                GBOS6100023761
                
        5.2.9   Improved filters for viewing active connections.
                GBOS6100023831, GBOS6100023821
                
        5.2.10  Improved purge option display for Historical Statistics 
                and Report data. 
                GBOS6100024076
                
        5.2.11  Updated cloud backup support for Dropbox.
                GBOS6100024211
                
        5.2.12  Updated hints in the Monitor section.
                GBOS6100024121
                
        5.2.13  SLAAC is automatically enabled if DHCPv6 is enabled.
                GBOS6100024291
                
        5.2.14  Improved web interface display in Chrome and Safari. 
                GBOS6100024551
                
        5.2.15  Improved display of IPv6 connections list. 
                GBOS6100024881
                                           
    5.3 Bug Fixes
    
        5.3.1   UTC is no longer displayed as "null" in the web interface. 
                GBOS6010021826
                
        5.3.2   Selecting CA certificates is properly disabled for site to site 
                IPSec tunnels.
                GBOS6100022476
                
        5.3.3   Web interface displays proper IP address for bridge interfaces 
                on the summary page.
                GBOS6100023656
                
        5.3.4   Resolved row highlighting issue in the backup configuration 
                section of the web interface.
                GBOS6100023666
                
        5.3.5   Custom fields are properly hidden when an object is selected.
                GBOS6100023786
                
        5.3.6   Read only administrator rights are properly honored for
                configuration backup.
                GBOS6100023846
                
        5.3.7   Read only firewall administrators are properly limited to 
                Live mode. 
                GBOS6100023861
                
        5.3.8   Halt function properly works via the web interface.
                GBOS6100017731
                
        5.3.9   Network Diagnostics page properly displays appropriate 
                IP protocol.
                GBOS6100024106

                
        5.3.10  Mobile IPsec setup wizard properly prompts for password only
                once.
                GBOS6100024481
                
        5.3.11  HTML injection is properly prevented in web interface input 
                fields.
                GBOS6100024691

        5.3.12  Password field for IPSec tunnels does not allow for auto 
                completion via saved browser passwords.
                GBOS6100024701
                
        5.3.13  IPSec Wizard summary screen properly displays all information 
                for Mobile VPN configurations.
                GBOS6100024876
                
        5.3.14  Client DUID is properly displayed for DHCPv6 static leases 
                in the Activity section.
                GBOS6100025001
                
        5.3.15  Entering the maximum character value for the Remote Access login
                banner or disclaimer field no longer corrupts the configuration.
                GBOS6100025146, GBOS6100025151
                
        5.3.16  Remote Access login banner text is properly displayed in 
                Internet Explorer and Google Chrome.
                GBOS6100025176
                
        5.3.17  Self-signed certificates are properly displayed whether the 
                certificate was generated or imported.
                GBOS6100025196
                
6.  CONSOLE

    6.1 New Features
    
        6.1.1   In the console interface, added ability to specify 
                 for an inbound tunnel, both as a service and 
                destination.
                GBOS6100003329, GBOS6100024346, GBOS6100024351
                
        6.1.2   Added support for IPv6 alias in the console interface.
                GBOS6100024396
    
    6.2 Modifications
    
        6.2.1   Console email configuration reports now include log files by 
                default. 
                GBOS6100023011
                
        6.2.2   Updated menu name for Network Timeouts to Network Preferences 
                in the console interface.
                GBOS6100024516
                
        6.2.3   Improved console interface, including adding IPv6 gateway to
                the Static Routes page.
                GBOS6100024361
                
    6.3 Bug Fixes

        6.3.1   Console interface properly displays SSL and None as remote 
                administration encryption options.
                GBOS6100023046
                
        6.3.2   Console interface properly supports pass through hosts/networks.
                GBOS6100024386
                
7.  RELEASE NOTES HISTORY

    7.1   Previous Release Notes
          These notes cover the 6.1.0 release of GB-OS. Release notes for 
          previous versions can be found at GTA's website, http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.