Unified Threat Management - Support | GTA, Inc.

		                         GB-OS FIREWALL SOFTWARE
                            VERSION 3.7.0
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 3.7.0
Date:       22 June 2005

-------------------------------------------------------------------------
GB-OS version 3.7.0 includes updated versions of the following GTA 
products and utilities:

    GB-OS                       3.7.0
    GBAdmin                     3.7.0

Release notes are located on the installation CD and on GTA's web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  SERVICES

3.  VPN

4.  ROUTING

5.  ADMINISTRATION AND REPORTS

6.  SYSTEM

7.  GBADMIN

8.  RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Firewall Rebooting After Uploading a Configuration

        When uploading a complete firewall configuration, updating an
        H2A slave, or when performing Save All/Save Copy As in GBAdmin,
        the firewall will now reboot to apply the new configuration.
        GBSS3620002676, GBSS3620002669, GBSS3620002673

    1.2 Entering New Activation Codes

        New activation codes must be entered. GB-OS version 3.7
        is available at no charge to customers with a GTA support 
        contract or annual maintenance agreement, or who purchased a 
        GTA firewall on or after 1 May 2005. Other users should 
        contact their local GTA channel partner or email sales@gta.com
        for information and pricing of upgrade options.

    1.3 Upgrading Hard Drive GB-Ware Installations from 3.5.x to 3.7.0

        When upgrading a hard drive GB-Ware firewall from version 3.5.x 
        to 3.7.0:

            1.  Back up the firewall configuration.
            2.  Reinstall the firewall software completely from the CD.
            3.  Restore the configuration.

        The GB-Ware CD image (ISO-9660) is available for download from 
        GTA's Online Support Center 
        (https://www.gta.com/support/center/login/). Failure to reinstall
        from CD may cause hard drive geometry errors that prevent the 
        upgrade.

    1.4 SSL Certificate Replacement

        Version 3.7.0 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.

    1.5 NEW! GTA Mobile VPN Client

        Version 3.7.0 contains new NAT-T (NAT traversal for VPN) 
        features.

        The new GTA Mobile VPN Client supports these NAT-T enhancements;
        it also has several more new features.

        To use these new NAT-T and other new VPN client features:

            1.  Uninstall any existing VPN clients (including GNAT Box 
                VPN Client).
            2.  Install the new GTA Mobile VPN Client.

        If you do not require NAT-T or the other new features, you may 
        continue to use the previous version of the GNAT Box VPN 
        Client with GB-OS 3.7.0.

        For more information on the GTA Mobile VPN Client, please visit 
        http://www.gta.com/options/vpn/.


2.  SERVICES

    2.1 Bug Fixes

        2.1.1   The DHCP Server no longer fails when more than 4 server 
                ranges are defined.
                GBSS3700002831

        2.1.2   Mail Sentinel email proxy no longer incorrectly rejects 
                email with a 501 code when Match MX is checked and MX 
                records in the DNS server are correct.
                GBSS3700002849


3.  VPN

    3.1 New Features

        3.1.1   NAT traversal (NAT-T) is now available, enabling IPSec 
                VPNs using IKE to use UDP encapsulation to automatically
                detect and navigate through NAT devices (RFC 3947). The 
                new GTA Mobile VPN Client is required to use NAT-T in 
                client-to-gateway VPNs.
                GBSS3700000598

        3.1.2   Dead peer detection (DPD) is now available for Phase I 
                (RFC 3706).
                GBSS3700002750

    3.2 Feature Enhancements

        3.2.1   Additional bit lengths are now available for 
                Diffie-Hellman key groups: 2,048, 3,072 and 4,096 bits 
                (groups 14, 15 and 16).
                GBSS3700002747

        3.2.2   Local Identity for VPN objects is now located in Phase I,
                with other information that is also exchanged during
                Phase I.
                GBSS3700002756

        3.2.3   VPN object (Phase I) settings on the initiator are now 
                used when Force Mobile Protocol is selected.
                GBSS3700002171

        3.2.4   Encryption algorithms for Phase I and Phase II of the 
                default VPN objects are now AES-192.
                GBSS3700002789

    3.3 Bug Fixes

        3.3.1   Outbound connections from spokes no longer fail for 
                hub-and-spoke VPN configurations.
                GBSS3700002737


4.  ROUTING

    4.1 New Features

        4.1.1   Multiple gateway support is now available. Inbound 
                connections automatically retain their initial gateway 
                throughout the transaction.
                GBSS3700001990

        4.1.2   Filters can now specify gateways to override default 
                route selection when using multiple gateways. 
                Policy-based routing can be activated by matching a 
                protocol, port, source or destination IP address.
                GBSS3700002748

        4.1.3   Bandwidth sharing (outbound connections distributed 
                evenly across multiple gateways) is now available.
                GBSS3700002749


5.  ADMINISTRATION AND REPORTS

    5.1 Feature Enhancements

        5.1.1   Activity for Active Connections now list the route used.
                GBSS3700002766

        5.1.2   Activity for Mail Sentinel now lists the last update 
                times for Mail Sentinel Anti-Virus and Mail Sentinel 
                Anti-Spam.
                GBSS3700002805

    5.2 Bug Fixes

        5.2.1   Reports for Configuration now correctly lists Traffic 
                Shaping pipe limits in kilobits per second (Kbps) 
                instead of kilobytes (KB).
                GBSS3700002764

        5.2.2   Filters of type Accept with action Email now email 
                reports when they are invoked.
                GBSS3700002806


6.  SYSTEM

    6.1 New Features

        6.1.1   The host name now displays at the console login prompt. 
                (Reboot or logout is required.)
                GBSS3700002821

    6.2 Bug Fixes

        6.2.1   GB-Ware no longer fails to boot for firewalls using 
                motherboards with non-standard USB controllers.
                GBSS3700002610

        6.2.2   GB-Ware no longer fails to boot for firewalls using USB 
                key blocks with USB PCI cards.
                GBSS3700002388

        6.2.3   TTL for TCP SYN cookie packets has been increased to 64,
                correcting timeout issues for Windows 95 and Windows 98
                hosts.
                GBSS3700002856


7.  GBADMIN

    7.1 Bug Fixes

        7.1.1  GBAdmin now correctly loads some configurations from GNAT 
               Box System Software version 3.4.5.
               GBAD3700002825

        7.1.2  GBAdmin now correctly allows HMAC-SHA hashes to be set 
               for both Phase I and Phase II of VPN objects.
               GBAD3700002835


8.  RELEASE NOTES HISTORY

    8.1     Previous Release Notes
            These notes cover the 3.7.0 release of GB-OS. Release notes 
            for previous versions can be found at GTA's web site, 
            http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3525 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.