Unified Threat Management - Support | GTA, Inc.

		
                         GB-OS FIREWALL SOFTWARE
                            VERSION 4.0.0
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 4.0.0
Date:       14 April 2006

-------------------------------------------------------------------------
GB-OS version 4.0.0 includes updated versions of the following GTA
products and utilities:

    GB-OS                       4.0.0

Release notes are located on the installation CD and on GTA's web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  CONFIGURATION

3.  SYSTEM

4.  ACCOUNTS

5.  NETWORK

6.  SERVICES

7.  THREAT MANAGEMENT

8.  VPN

9.  ACTIVITY

10. OPERATING SYSTEM

11. UTILITIES

12. RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 3.7.2 or below, new activation codes must be
        entered. GB-OS version 4.0.0 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement. Other users should contact their local 
        GTA channel partner or email sales@gta.com for information and
        pricing of upgrade options.
        
    1.2 Upgrading from GB-OS 3.5 or Below
    
        If upgrading from GB-OS 3.5 or below, it is necessary to first
        upgrade to an interim version of GB-OS before installing GB-OS
        4.0.  For upgrade instructions, refer to Reference D in the
        GB-OS User's Guide.

    1.3 Upgrading Hard Drive GB-Ware Installations from 3.5.x to 4.0.0

        When upgrading a hard drive GB-Ware firewall from version 3.5.x 
        to 4.0.0:

            1.  Back up the firewall configuration.
            2.  Reinstall the firewall software completely from the CD.
            3.  Restore the configuration.

        The GB-Ware CD image (ISO-9660) is available for download from 
        GTA's Online Support Center 
        (https://www.gta.com/support/center/login/). Failure to reinstall
        from CD may cause hard drive geometry errors that prevent the 
        upgrade.
        
    1.4 Error Messages Upon Initial Reboot
    
        Upon rebooting after successful installation, the GTA firewall
        may display errors when accessed using the Web interface. This
        is expected, these errors are generated because the browser's
        cache is trying to access files and locations that no longer
        apply. Click OK to any displayed errors and refresh the browser
        window to access GB-OS 4.0. If the error messages persist, clear
        your browser's cache.
        
    1.5 Default Login and Password Changes
        
        Firewall administrators who have never changed their default
        login and password in the Admin Accounts section of GB-OS 3.x
        will find that their default account's login information will no
        longer work with GB-OS 4.0.  After the firewall administrator
        has upgraded to GB-OS 4.0, their login and password will both
        default to fwadmin.
        
    1.6 Platform Independent Web Interface
    
        GB-OS 4.0 includes a platform independent web interface which
        provides an improved workflow, user-friendly design with
        enhanced features such as offline configuration and verification
        using GB-OS 4.0's Test Mode. GBAdmin is not supported by
        GB-OS 4.0.

    1.7 User Group Assignments When Upgrading From Previous Versions
    
        When upgrading to GB-OS 4.0.0, users will automatically be
        organized into groups based on the name of the their VPN object.
        For example, a user that made use of a VPN object with a name
        of Marketing Department will be assigned to a group named
        Marketing Department, while a user that made use of a VPN object
        with the name of MOBILE will be assigned to a group named
        MOBILE.
        Users that have no VPN object assigned to them will be
        organized into groups based on the GB-OS version that the
        administrator is upgrading from, such as Users_372.
        
    1.8 Static Gateway to Static Gateway VPN Failure
    
        Firewall administrators that have a configured VPN between two
        static gateways may find that their VPN no longer functions
        after they have upgraded to GB-OS 4.0.  This is caused when the
        firewall administrator had a local identity configured in the
        Authorization>VPN section on their GTA firewall before it was
        upgraded to GB-OS 4.0.  GB-OS versions prior to GB-OS 4.0
        ignored this field when a static gateway to static gateway VPN
        was configured; in GB-OS 4.0, the local identity is recognized
        and can result in a failure when a VPN connection previously
        worked. To correct this issue, simply navigate to
        Configuration>VPN>IPSec Tunnels and edit the IPSec tunnel in
        question by setting the local identity to IP Address.

    1.9 Restrictive VPN Configurations
    
        When upgrading to GB-OS 4.0, firewall administrators may need to
        rebuild their VPN policies.  In previous versions of GB-OS, VPN
        access was controlled using pass through filters.  In GB-OS 4.0,
        VPN access is controlled using VPN policies which allow all VPN
        traffic by default. Firewall administrators who have upgraded to
        GB-OS 4.0 will need to manually recreate any restrictive VPN
        policies.
        
    1.10 VPN Object Names
    
        Previously defined VPN objects will have the GB-OS version
        number appended to their name after the GTA firewall has been
        upgraded to version 4.0.  For example, a VPN object with a name
        of IKE in GB-OS 3.7.0 will be named IKE_370 after the upgrade.

    1.11 Address Object Identification

        Previously defined address objects that were of type IP
        Addresses will be re-categorized as being of type All after the
        GTA firewall has been upgraded to version 4.0.

    1.12 SSL Certificate Replacement

        Version 4.0.0 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.
           

2.  CONFIGURATION

    2.1 New Features
    
        2.1.1   Administrators can now switch between runtime slices in
                the firewall's flash memory when using the Web
                interface.
                GBOS4000002625

3.  SYSTEM

    3.1 New Features
    
        3.1.1   Service group objects added to the Object Editor.
                Administrators can explicitly allow or deny a protocol
                on a certain port according to configured service group
                objects.
                GBOS4000002970

        3.1.2   Time Group objects now allow for additional flexibility
                when defining time blocks. 
                GBOS4000000214
        
        
4.  ACCOUNTS

    4.1 New Features
    
        4.1.1   Groups added to increase efficiency when defining user
                authentication in security policies. Groups are pools of
                user accounts used for reference throughout the
                configuration.
                GBOS4000001761
                
5.  NETWORK

    5.1 Bug Fixes
    
        5.1.1   Static routes now update correctly when their
                address object is updated.
                GBOS4000003621
                
                
6.  SERVICES

    6.1 New Features
        
        6.1.1   Dynamic DNS now allows for multiple dynamic DNS
                definitions to be used.
                GBOS4000003297
                
        6.1.2   DHCP now allows for up to three WINS servers to be
                defined per DHCP address range.
                GBOS4000003469
                
                
    6.2 Modifications
    
        6.2.1   DHCP Server now allows for broader definitions when
                configuring lease durations.
                GBOS4000002558 
    
        6.2.2   SNMP now includes automatic policies that allow access
                from the protected interface.
                GBOS4000003395
                
        6.2.3   The Firewall Control Center now operates on TCP port
                2033 by default.
                GBOS4000002925
        
                
    6.3 Bug Fixes
    
        6.3.1   Aliases are now properly removed when deleted and the
                High Availability service is enabled.
                GBOS4000002299
                
        6.3.2   The DNS server now correctly verifies reverse zone
                names.
                GBOS4000002840          
                
                
7.  THREAT MANAGEMENT

    7.1 New Features
    
        7.1.1   Surf Sentinel now supports multiple local allow and
                deny lists through the use of address objects.
                GBOS4000001818

    7.2 Modifications
    
        7.2.1   Mail Sentinel now tracks an increased number of email
                addresses within a single email.
                GBOS4000003236
        
        7.2.2   Surf Sentinel now supports authentication via user groups.
                GBOS4000003313
                
    7.3 Bug Fixes
    
        7.3.1   Mail Sentinel Anti-Spam now properly closes connections
                with the ALS server.
                GBOS4000003179
            
8.  VPN

    8.1 New Features
    
        8.1.1   GB-OS now automatically generates policies to allow VPN
                traffic.
                GBOS4000000420  
                

9.  ACTIVITY

    9.1 New Features
    
        9.1.1   Configuration reports are now organized in easy-to-read
                sections labeled Summary located in the Configuration
                menu.
                GBOS4000000487
        
        9.1.2   DHCP Leases now allows for the administrator to flush
                all DHCP-assigned IP addresses assigned by the DHCP
                Server and recorded in the DHCP Leases table.
                GBOS4000002336


10.  OPERATING SYSTEM

    10.1 New Features
    
        10.1.1  GB-OS now includes VLAN support.
                GBOS4000003315
                
        10.1.2  GB-OS now includes pre-configured, default objects that
                cannot be edited or disabled.
                GBOS4000003622
                
        10.1.3  GB-OS now allows for the disabling of all objects that
                are not built into the system.
                GBOS4000003274      
                        
        10.1.4  GB-OS now supports regular expression when defining IP
                addresses and domain names in address objects of type
                Surf Sentinel.
                GBOS4000003429
                
        10.1.5  Inbound tunnels now support load balancing when
                multiple IP addresses are referenced in the tunnel's
                destination address object.
                GBOS4000002969  
                
    10.2 Modifications
    
        10.2.1  Default user ID and password are now "fwadmin".
                GBOS4000003170
                
        10.2.2  Interfaces are now referenced using GB-OS specific
                names (eth0, eth1, etc.) instead of their Unix
                designations.
                GBOS4000003052  
                
        10.2.3  Service group objects can now be used when configuring
                security policies and tunnels.
                GBOS4000003275
                
        10.2.4  Time groups have been relocated to the Object Editor.
                GBOS4000002453
                
        10.2.5  Mail Sentinel Statistics now display maximum allowed
                and peak concurrent connections.
                GBOS4000003049
                
        10.2.6  GB-OS log messages now log security policy types as
                pol_type and security policy actions as pol_action.
                GBOS4000003558
                
        10.2.7  GB-OS log messages now log interface types by their
                logical name instead of their NIC driver type and
                number.
                GBOS4000003144      
                
        10.2.8  The Configuration Summary now displays configured
                Mail Sentinel policies' type.
                GBOS4000002728
                
        10.2.9  The Configuration Summary now displays whether Surf
                Sentinel policies accept or deny unknown HTTP commands.
                GBOS4000002892
                
        10.2.10 The Configuration Summary now displays an address
                object's type and whether the object uses regular
                expression.
                GBOS4000002919
                
        10.2.11 GB-Ware installations that have not been activated
                will default to a two user license that can support up
                to 200 concurrent connections and five aliases.  IPSec
                tunnels and GTA Mobile VPN Client connections cannot be
                configured.
                GBOS4000003579      
                

11. UTILITIES

    11.1 Modifications
    
        11.1.1  The GNAT-Box field has been renamed to Firewall in the
                GBAuth utility.
                GBAuth1120003337
                
        11.1.2  Updated GTA Syslog to version 2.0.0. This version is
                no longer compatible with GTA Reporting Suite version
                1.1.
                Syslog2000003093


12. RELEASE NOTES HISTORY

    12.1    Previous Release Notes
            These notes cover the 4.0.0 release of GB-OS. Release notes 
            for previous versions can be found at GTA's web site, 
            http://www.gta.com.		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.