Unified Threat Management - Support | GTA, Inc.

		Global Technology Associates, Inc.

   Title: GNAT Box Firewall System Release Notes
 Product: GNAT Box System Software Version 3.1.3
    Date: 15 February 2001

This Release Note includes the following sections:

1. System Software
    1.1 Bug Fixes
    1.2 Enhancements and Changes

2. Services
    2.1 Bug Fixes
    2.2 Enhancements and Changes

3. User Interfaces - All Interfaces
    3.1 Bug Fixes
    3.2 Enhancements and Changes

4. Verification - All User Interfaces
    4.1. Enhancements and Changes

5. GBAdmin User Interface
    5.1 Bug Fixes
    5.2 Enhancements and Changes

6. Console User Interface
    6.1 Bug Fixes
    6.2 Enhancements and Changes

7. Web Browser Interface
    7.1 Bug Fixes
    7.2 Enhancements and Changes

8. Syslogger
    8.1 Enhancements and Changes

1. System Software

1.1 Bug Fixes

1.  The "Automatic accept all filter" option in the
    Inbound Tunnel section doesn't function correctly if
    a tunnel's "From" port is set to 0 (zero, all ports

    Resolution: Automatic filter control module
    modified to handle the special case of a "From" port
    set to 0 (zero).

2.  If the Network Information section is saved after
    the Aliases section is saved, the first alias
    becomes default NAT address.

    Resolution: Modifications made to specify what the
    default NAT address should be for each interface.

3.  Error initializing active tunnels on systems with
    40Mb and 48Mb of RAM.

    Resolution: Modify heuristic for determining number
    of supported active connections supported.

4.  Fragmented packets silently dropped due to checksum
    error because packet length calculated incorrectly.

    Resolution: Adjust packet length correctly during
    IP fragment reassembly.

5.  The system kernel has become too large for GNAT Box
    Pro, GB-100, and GNAT Box Light.

    Resolution: For GNAT Box Pro, GB-100 and GNAT Box
    Light systems:
     - Remove IPSec VPN support for CAST128 algorithm.
     - Dropped support for Tigon I chipset from ti
     - Drop support for pccard NICs.
     - Create two runtimes for GB-100: one with gigabit
       support and one with tokenring support.

6.  Using same local preshared secret for all VPN IKE
    connections forces disclosure of local secret to all
    remote VPN administrators.

    Resolution: Removed local/remote pre-shared secrets
    and use a per VPN pre-shared secret.

7.  NAT mode only supports TCP, UDP and ICMP protocols.

    Resolution: Add ability to NAT source and
    destination IP addresses in IP header for arbitrary
    IP protocols.  This will allow additional protocols
    be used in the NAT mode, however there is no
    guarantee that a give protocol (non TCP, UDP or
    ICMP) will operate correct with NAT applied.

8.  Inbound IP Pass Through connections are tracked as
    outbound connections.

    Resolution: Modifications made to correctly track
    inbound IP Pass Through connections.

1.2 Enhancements and Changes

1.  Replaced the "de" network driver with the "dc"
    network driver. The "dc" driver supports the
    following network cards:

     - DEC/Intel 21143 chipset based cards
     - Macronix 98713, 98713A, 98715, 98715A and 98725
     - Davicom DM9100, DM9102 and DM9102A
     - ASIX Electronics AX88140A and AX88141
     - ADMtek AL981 Comet and AN985 Centaur
     - Lite-On 82c168 and 82c169 PNIC
     - Lite-On/Macronix 82c115 PNIC II

2.  Added support for gigabit over copper to "ti"
    network driver (Tigon II chipset).

3.  Add strong VPN encryption support to all products
    except GNAT Box Light and GNAT Box Demo. Strong
    encryption includes triple DES and increased key
    size. The GB-1000 and GB-Flash product also include
    support for the AES and twofish encryption

4.  Adjustments made to the heuristic for determining
    maximum number of concurrent connections.  This
    adjustment has been made in consideration for all
    the new services added in version 3.1.x.

        GNAT Box   GNAT Box
        Light      Pro         GB-100   GB-Flash  GB-1000
  16MB  200        3,072       N/A        N/A     N/A
  32MB  200       17,408     13,312     13,312    N/A
  40MB  200       24,576       N/A      19,456    N/A
  64MB  200       32,768       N/A      32,768   32,768

2. Services
2.1 Bug Fixes

1.  Domain names for some Mail Abuse Prevention System
    (MAPS) lists have changed.

    Resolution: Changed the default MAPS servers to:

    - blackholes.mail-abuse.org
    - dialups.mail-abuse.org
    - relays.mail-abuse.org
    - relays.orbs.org

2.2 Enhancements and Changes

1.  Increase size of mail exchangers field for a DNS
    domain. If mail exchanger contains a '.' don't
    append domain.

2.  Add ability to specify DNS Internet forwarders to
    the DNS server.

3.  High Availability option has been added to GB-1000.

4.  Gateway Selector feature added to all products except
    GNAT Box Light.

5.  NTP (Network Time Protocol) feature added to GB-1000
    and GB-Flash.

6.  Update DNS server to BIND version 8.2.3.

3. User Interface - All User Interfaces
3.1 Bug Fixes

1.  VPN SPI minimum value should be 256 (not 4096) for
    manual key exchange.

    Resolution: Change value for minimum SPI to correct

2.  Ping always indicates 0 packets received.

    Resolution: Increment counter for packets received.

3.  Summary report for content filter preferences
    missing CyberNOT values.

    Resolution: Add CyberNOT information to report.

4.  There is no way to tell if the CyberNOT list was
    successfully fetched.

    Resolution: Add status indicator to Content
    Filtering Preference dialog.

5.  The downloading and processing of the CyberNOT lists
    aborts if unable to e-mail administrator the download
    status report.

    Resolution: Log but do not abort download or
    processing if unable to e-mail administrator.

6.  Matching of objects containing IP address ranges
    with individual IP addresses doesn't match.

    Resolution: Make sure all IP addresses used in
    comparison are in host byte order.

7.  The usage of MD5 passwords with RIP requires a keyID 
    that is missing from user interface.
    Resolution: Add ability to specify keyID to RIP dialogs.

3.2 Enhancements and Changes - All User Interfaces

1.  Allow VPN keys less than minimum size to be entered.
    Append zeros to key to pad to minimum size for
    algorithm when using key.

2.  When saving preferences, if serial number changes,
    automatically reload features.

3.  Encrypt all stored data.

4.  Current statistics now being collected per interface

5.  Added the ability to specify the configuration
    parameters for Phase 1 of an IKE VPN definition.

6.  Added the support configuring a IPSec VPN definition
    for mobile client (GNAT Box VPN client).

7.  Sort aliases by interface, then by address.

8.  Allow more than one DNS server to be assigned by
    DHCP server.

9.  Use ISO 8601 date and time formatting.

10. Added the ability to define the timezone on GB-1000
    and GB-Flash systems.

11. On GB-1000 and GB-Flash systems added timezone
    information to date strings on reports.

12. Added "Flush ARP Table" feature to Administration

13. Added "Active VPNs" system activity report.

14. VPN definitions are sorted by description when

15. On the Current Statistics report, if the number of
    bytes or packets exceeds 1 megabyte in active
    connections then display statistics in megabytes. If
    the number  exceeds 100 kilobytes display statistics
    in kilobytes.

4. Verification - All User Interfaces
4.1. Enhancements and Changes

1.  Generate an error message if Address Objects
    referenced in VPNs don't exist.

2.  Generate error message if Address Objects referenced
    in VPNs don't contain ranges.

5. GBAdmin User Interface
5.1  Bug Fixes

1.  The manual key exchange for remote administration is
    difficult to use.

    Resolution: Switch to a public key exchange
    protocol. Remove support for manual key exchange

2.  When an Address Object is selected in the "Static Address
    Mappings" screen it is changed to ??? after the
    screen is saved and reloaded.

    Resolution: Problem corrected.  Address Objects are now 
    saved properly on the "Static Address Mappings" screen.

3.  When the "Filter Preferences Pager" screen is
    reloaded. It does not always update the enabled
    fields properly.

    Resolution: Problem corrected.  Enabled fields
    are updated correctly.

4.  When the "Filter Preferences SNMP" screen is reloaded
    the enabled fields are not updated properly.

    Resolution: Problem corrected.  Enabled fields
    are updated correctly.

5.  For the DNS server if you have no domains defined
    you can't enter any of the DNS server info.

    Resolution: Removed the enable dependency on
    Domains for data in the top portion of the screen.

6.  Under certain circumstances when viewing the log
    messages display and then selecting the another
    report would cause a sharing violation would occur.

    Resolution: Problem resolved. These actions no longer
    cause a sharing violation.

7.  On the DNS server screen, if a second mail exchanger 
    is defined, saving it in GBAdmin will cause the entry 
    to be lost.  However the entry is still visiable from 
    the web browser interface.

    Resolution: Problem fixed.  A second mail exchanger is
    saved correctly.

5.2  Enhancements and Changes

1.  Added the ability to specify 3 fowarders to DNS

2.  The open file dialog now remembers the last
    configuration opened.

3.  If Expert mode is selected then Expert mode will
    always be in effect until deselected, (selection is

4.  Updated the time format on change date dialog from
    mm/dd/yyyy to the international format yyyy/mm/dd.

5.  Add the ability to configure a GB-1000 as a high
    availability firewall, (when high availability
    feature is enabled).

6.  On the Static Address Mapping and Pass Through Host
    screens. If an IP Address Object is selected the
    next two fields are grayed out and disabled. When
    the  Object is selected the two fields
    are enabled for editing.

7.  On the Static Address Mapping and Pass Through Host
    screens. You can now drag the rows around to arrange
    them in whatever order you like.

8.  If the Expert Mode is enabled a "Section saved
    successfully" dialog box will no longer be

9.  When a configuration is loaded the tree view will no
    longer flash as all of the items are redrawn.

10. Optimized redrawing of tables.

11. Added an "Expert" indicator on the tool bar. This
    indicator is displayed next to the "Online/Offline"
    indicator in the tool bar.

6. Console User Interface
6.1  Bug Fixes

1.  VPN Source IP Address was copied into Destination IP
    Address when saving.

    Resolution: Fixed.  VPN IP Addresses are saved as

2.  The Console interface for GB-1000 has menu option for
    configuring a non-existent screen saver.

    Resolution: Removed screen saver menu option from
    the GB-1000 console interface.

6.2 Enhancements and Changes

1.  Attempt to preserve contact information and feature
    codes during reset to factory defaults.

7. Web Browser User Interface
7.1 Bug Fixes

1.  Arbitrary files can be retrieved if a password and
    a userid are known.

    Resolution: Restrict file fetching to WWW directory

2.  Internet Explorer doesn't display all 27 characters
    of activation codes.

    Resolution: Increase length of field to 30, keep
    maximum data entry length at 27.

3.  Saving a configuration creates a file named
    gbconfig.flp by default. The configuration files should
    have an extension of GBcfg.

    Resolution: Change default file name to be GB313.GBcfg.

7.2 Enhancements and Changes

1.  Add ability to specify 3 fowarders to DNS server.

2.  Length of DNS server mail exchanger fields increased
    to 80.

8. Syslogger
8.1 Enhancements and Changes

1. Added support for ISO 8601 date and time format when

Copyright © 2016 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.