Unified Threat Management - Support | GTA, Inc.

		                         GNAT BOX SYSTEMS SOFTWARE
                            VERSION 3.6.2
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GNAT Box System Software version 3.6.2
Date:       31 March 2005

-------------------------------------------------------------------------
GNAT Box System Software version 3.6.2 includes updated versions of the
following GTA products and utilities:

    GNAT Box System Software     3.6.2
    GBAdmin                      3.6.2

Release notes are located on the installation CD and on GTA's web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  BASIC CONFIGURATION

3.  DNS PROXY OR DNS SERVICE

4.  MAIL SENTINEL EMAIL PROXY SERVICE

5.  WEB PROXY SERVICE

6.  NETWORK TIME (NTP) SERVICE

7.  ADMINISTRATION AND REPORTS

8.  SYSTEM

9.  GBADMIN

10. RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Firewall Rebooting After Uploading a Configuration

        When uploading a complete firewall configuration, updating an
        H2A slave, or when performing Save All/Save Copy As in GBAdmin,
        the firewall will now reboot to apply the new configuration.
        GBSS3620002676, GBSS3620002669, GBSS3620002673

    1.2 Entering New Mail Sentinel Subscription Activation Codes

        Mail Sentinel Anti-Spam and Mail Sentinel Anti-Virus users
        must enter new activation codes for the new version.

    1.3 Upgrading Hard Drive GB-Ware Installations from 3.5.x to 3.6.2

        When upgrading a hard drive GB-Ware firewall from version 3.5.x 
        to 3.6.2:

            1.  Back up the firewall configuration.
            2.  Reinstall the firewall software completely from the CD.
            3.  Restore the configuration.

        The GB-Ware CD image (ISO-9660) is available for download from 
        GTA's Online Support Center 
        (https://www.gta.com/support/center/login/). Failure to reinstall
        from CD may cause hard drive geometry errors that prevent the 
        upgrade.

    1.4 SSL Certificate Replacement

        Version 3.6.2 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  BASIC CONFIGURATION


    2.1 Bug Fixes

        2.1.1   When entering activation codes on GB-Ware without the
                USB key block and using certain types of motherboards,
                the firewall no longer freezes.
                GBSS3620002475

        2.1.2   When uploading a PPP configuration without any default
                configuration in place, the upload no longer fails.
                GBSS3620002651, GBSS3620002676

        2.1.3   When a PPP or PPPoE configuration is saved while traffic 
                is using the PPP/PPPoE interface, the firewall no longer
                sometimes crashes.
                GBSS3620002692


3.  DNS PROXY OR DNS SERVICE

    3.1 Feature Enhancement

        3.1.1   When rebooting the firewall or saving the Dynamic DNS
                configuration section, Dynamic DNS now attemtps to
                force an update.
                GBSS3620002631

        3.1.2   named (DNS Server) has been updated to version 8.4.6.
                GBSS3620002674


4.  MAIL SENTINEL EMAIL PROXY SERVICE

    4.1 Bug Fixes

        4.1.1   Mail Sentinel Anti-Spam options on GB-Ware systems with
                64 MB Compact Flash cards now work as intended.
                GBSS3620002628

        4.1.2   Mail Sentinel Anti-Virus options on GB-Ware systems with
                an SIO runtime now work as intended.
                GBSS3620002618

        4.1.3   Mail Sentinel no longer exhausts available inodes on
                some firewalls, causing the service to stop.
                GBSS3620002636

        4.1.4   Mail Sentinel, Mail Sentinel Anti-Spam and Mail Sentinel
                Anti-Virus now check for DNS reconfigurations.
                GBSS3620002675

        4.1.5   When performing a quarantine action with an email address
                whose DNS MX entry refers back to the firewall itself, 
                Mail Sentinel now connects directly to the IP address to 
                avoid a DNS-related email loop.
                GBSS36220002678


5.  WEB PROXY SERVICE

    5.1 Bug Fixes

        5.1.1   Mobile code blocking is no longer ignored.
                GBSS3620002670

        5.1.2   Surf Sentinel now checks for DNS reconfigurations.
                GBSS3620002298


6.  NETWORK TIME (NTP) SERVICE

    6.1 New Features

        6.1.1   Relationship with the NTP server can now be toggled 
                between server mode (the most common use) and peer mode.
                GBSS3620002688


7.  ADMINISTRATION AND REPORTS

    7.1 New Features

        7.1.1   Ping can now be performed through VPNs using the binding
                interface option in the web interface.
                GBSS3620001915

    7.2 Bug Fixes

        7.2.1   When uploading a complete firewall configuration or
                using Save All in GBAdmin, static address mappings no
                longer fail.
                GBSS3620002643, GBSS3620002676

        7.2.1   When viewing a Configuration Report for a static route 
                that uses dynamic gateways or interface object, the 
                gateway's object name (if any) now displays as intended.
                GBSS3620002697

        7.2.1   When viewing a Configuration Report, local/remote IP
                addresses for PPP connections no longer show an incorrect
                third IP address between the initial and negotiated
                address.
                GBSS3620002699


8.  SYSTEM

    8.1 New Features

        8.1.1   Support for inbound TCP connection SYN validation cookies
                and SYN flood logging added.
                GBSS3620002634, GBSS3620002626

        8.1.2   Extended passive FTP (RFC 2428) is now supported.
                GBSS3620000093

    8.2 Feature Enhancements

        8.2.1   Protection for an additional variant of the FTP bounce
                attack was added.
                GBSS3620002620

        8.2.2   When operating in stealth mode, the firewall now allows
                pings on the PSN interface.
                GBSS3620002187

    8.3 Bug Fixes

        8.3.1   The ARP table is now appended only for accepted
                connections.
                GBSS3620001345

        8.3.2   When verifying the sender and sequence of resent TCP SYN
                packets, retransmission is no longer incorrectly 
                blocked, resulting in inappropriately dropped 
                connections.
                GBSS3620002700

        8.3.3   When handling FTP connections where the firewall has 
                operated on a packet but the host has not acknowledged 
                reception, the FTP connection no longer hangs.
                GBSS3620002706


9.  GBADMIN

    9.1 Bug Fixes

        9.1.1   When editing an object in GBAdmin, objects can no
                longer replace the ANY_IP object in the list, causing it
                to become editable and causing the edited object to
                become unmodifiable.
                GBAD3620002509

        9.1.2   When viewing a bridged interface configuration report
                in GBAdmin, the label text now displays correctly.
                GBAD3620002663

        9.1.3   When editing mobile code or unknown HTTP command
                blocking for the HTTP proxy in GBAdmin, incorrect ACL
                information no longer loads.
                GBAD3620002672

        9.1.4   When creating an empty address object and deleting it, 
                subsequent address objects in the list are no longer 
                corrupted.
                GBAD3620002658

        9.1.5   The GB-Commander configuration section now uses the 
                intended label "Pre-shared Secret" instead of "Password".
                GBAD3620002717


10. RELEASE NOTES HISTORY

    10.1    Previous Release Notes
            These notes cover the 3.6.2 release of GNAT Box System
            Software. Release notes for previous versions can be found at
            GTA's web site, www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3525 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220

		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.