Unified Threat Management - Support | GTA, Inc.

		                         
                     GB-OS FIREWALL SOFTWARE
                            VERSION 4.0.1
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 4.0.1
Date:       17 July 2006

-------------------------------------------------------------------------
GB-OS version 4.0.1 includes updated versions of the following GTA
products and utilities:

    GB-OS                       4.0.1

Release notes are located on the installation CD and on GTA's web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  CONFIGURATION

3.  SYSTEM

4.  ACCOUNTS

5.  NETWORK

6.  SECURITY POLICIES

7.  SERVICES

8.  THREAT MANAGEMENT

9.  VPN

10. ACTIVITY

11. OPERATING SYSTEM

12. UTILITIES

13. RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 3.7.2 or below, new activation codes must be
        entered. GB-OS version 4.0.1 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement, or who purchased a GTA firewall operating on GB-OS
        version 4.0.0. Other users should contact their local 
        GTA channel partner or email sales@gta.com for information and
        pricing of upgrade options.
        
    1.2 Upgrading from GB-OS 3.5 or Below
    
        If upgrading from GB-OS 3.5 or below, it is necessary to first
        upgrade to an interim version of GB-OS before installing GB-OS
        4.0.  For upgrade instructions, refer to Reference D in the
        GB-OS User's Guide.

    1.3 Upgrading Hard Drive GB-Ware Installations from 3.5.x to 4.0.1

        When upgrading a hard drive GB-Ware firewall from version 3.5.x 
        to 4.0.1:

            1.  Back up the firewall configuration.
            2.  Reinstall the firewall software completely from the CD.
            3.  Restore the configuration.

        The GB-Ware CD image (ISO-9660) is available for download from 
        GTA's Online Support Center 
        (https://www.gta.com/support/center/login/). Failure to reinstall
        from CD may cause hard drive geometry errors that prevent the 
        upgrade.
        
    1.4 Upgrading from GB-OS 3.7.2 and Below    
        
      1.4.1 Error Messages Upon Initial Reboot
    
            Upon rebooting after successful installation, the GTA
            firewall may display errors when accessed using the Web
            interface. This is expected, these errors are generated
            because the browser's cache is trying to access files and
            locations that no longer apply. Click OK to any displayed
            errors and refresh the browser window to access GB-OS 4.0.
            If the error messages persist, clear your browser's cache.
        
      1.4.2 Default Login and Password Changes
        
            Firewall administrators who have never changed their default
            login and password in the Admin Accounts section of GB-OS
            3.x will find that their default account's login information
            will no longer work with GB-OS 4.0.  After the firewall
            administrator has upgraded to GB-OS 4.0, their login and
            password will both default to "fwadmin".
            
      1.4.3 User Group Assignments When Upgrading From Previous Versions
    
            When upgrading to GB-OS 4.0.1, users will automatically be
            organized into groups based on the name of the their VPN
            object. For example, a user that made use of a VPN object
            with a name of Marketing Department will be assigned to a
            group named Marketing Department, while a user that made use
            of a VPN object with the name of MOBILE will be assigned to
            a group named MOBILE.
            Users that have no VPN object assigned to them will be
            organized into groups based on the GB-OS version that the
            administrator is upgrading from, such as Users_372.
            
      1.4.4 Static Gateway to Static Gateway VPN Failure
    
            Firewall administrators that have a configured VPN between
            two static gateways may find that their VPN no longer
            functions after they have upgraded to GB-OS 4.0.  This is
            caused when the firewall administrator had a local identity
            configured in the Authorization>VPN section on their GTA
            firewall before it was upgraded to GB-OS 4.0.  GB-OS
            versions prior to GB-OS 4.0 ignored this field when a static
            gateway to static gateway VPN was configured; in GB-OS 4.0,
            the local identity is recognized and can result in a failure
            when a VPN connection previously worked. To correct this
            issue, simply navigate to Configuration>VPN>IPSec Tunnels
            and edit the IPSec tunnel in question by setting the local
            identity to IP Address. 
            
      1.4.5 Restrictive VPN Configurations
    
            When upgrading to GB-OS 4.0, firewall administrators may
            need to rebuild their VPN policies.  In previous versions of
            GB-OS, VPN access was controlled using pass through filters.
            In GB-OS 4.0, VPN access is controlled using VPN policies
            which allow all VPN traffic by default. Firewall
            administrators who have upgraded to GB-OS 4.0 will need to
            manually recreate any restrictive VPN policies.
            
      1.4.6 VPN Object Names
    
            Previously defined VPN objects will have the GB-OS version
            number appended to their name after the GTA firewall has
            been upgraded to version 4.0.  For example, a VPN object
            with a name of IKE in GB-OS 3.7.0 will be named IKE_370
            after the upgrade.
            
      1.4.7 Address Object Identification

            Previously defined address objects that were of type IP
            Addresses will be re-categorized as being of type All after
            the GTA firewall has been upgraded to version 4.0.      
        
    1.5 Platform Independent Web Interface
    
        GB-OS 4.0 includes a platform independent web interface which
        provides an improved workflow, user-friendly design with
        enhanced features such as offline configuration and verification
        using GB-OS 4.0's Test Mode. GBAdmin is not supported by
        GB-OS 4.0.

    1.6 SSL Certificate Replacement

        GB-OS version 4.0.1 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  CONFIGURATION

    2.1 Modifications
    
        2.1.1   GB-OS now generates a verification warning if the
                configuration contains more than one interface selected
                as the gateway.
                GBOS4010003627
                
        2.1.2   GB-OS now verifies if a DHCP static lease contains a
                unique host name, IP address and MAC address.
                GBOS4010003544          

    2.2 Bug Fixes          
                
        2.2.1   GB-OS now correctly verifies remote networks with
                32-bit subnet masks.
                GBOS4010002828
                
        2.2.2   GB-OS now correctly verifies the use of VLAN interfaces
                in tunnels and security policies.
                GBOS4010003837, GBOS4010003852, GB0S4010003853
                
    
3.  SYSTEM

    3.1 Modifications
    
        3.1.1   Added Key Group option of 'none' for encryption
                objects.
                GBOS4010003752
                
        3.1.2   GTA Firewalls that are not capable of H2A High
                Availability no longer have the 'HA Nodes' address
                object in their default list.
                GBOS4010003815
                
        3.1.3   Mail Sentinel Anti-Spam and Mail Sentinel Anti-Virus
                now display their status on the System Overview page.
                GBOS4010003679
                
        3.1.4   The Force Mobile Protocol toggle now dynamically
                appears/disappears when it is a valid option and has
                been moved outside of the Phase I advanced area of the
                VPN object configuration screen.
                GBOS4010003841        
        
    3.2 Bug Fixes
    
        3.2.1   GB-OS now generates only one automatic policy for the
                network time service.
                GBOS4010003635
        
        
4.  ACCOUNTS

    4.1 Modifications
    
        4.1.1   When upgrading to GB-OS 4.0.1 from GB-OS 3.7.x or
                below, remote administration will be automatically
                enabled and updates will be allowed.
                GBOS4010003643      

                
5.  NETWORK

    5.1 Modifications
    
        5.1.1   Hostnames may only contain alphanumeric '-' or '.'
                characters. Any other characters are converted to '-'
                when saving.
                GBOS4010003684 

    5.2 Bug Fixes
    
        5.2.1   Static routes with a single IP as the network address
                are no longer verified as the broadcast address.
                GBOS4010003103 
                
        5.2.2   Alias interface objects now match the host address and
                not the network.
                GBOS4010003641
                
                        
6.  SECURITY POLICIES

    6.1 Modifications
    
        6.1.1   Security policies can now filter broadcast addresses.
                GBOS4010003758
                
    6.2 Bug Fixes
        
        6.2.1   GB-OS now correctly attempts to resolve the host name
                of an IP address that generates an alarm email.
                GBOS4010003086
                
        6.2.2   Security policies that require authentication now
                correctly upgrade from GB-OS 3.x.
                GBOS4010003821
                
        6.2.3   Security policies that filter based on protocols and
                services now correctly upgrade from GB-OS 3.x.
                GBOS4010003634      
                
                        
7.  SERVICES
                    
    7.1 Modifications
    
        7.1.1   GB-OS now verifies that high availability interfaces are
                not referencing missing or renamed logical interface
                names.
                GBOS4010003473
                    
                
8.  THREAT MANAGEMENT

    8.1 Modifications
    
        8.1.1   Remote proxies are now denied by default when
                configuring Surf Sentinel policies.
                GBOS4010003711

        8.1.2   GB-OS now logs URLs when logging inbound and outbound
                Internet access.
                GBOS4010003698
                
        8.1.3   Only address objects of type Mail Sentinel are valid
                options when selecting an email server in Mail Sentinel
                policies.
                GBOS4010002508
                
        8.1.4   Mail Sentinel Anti-Spam now responds to sending servers
                with '501 Rejected as spam', while Mail Sentinel 
                Anti-Virus responds with '501 Rejected, contains virus'.
                GBOS4010003800
                
        8.1.5   The algorithm that controls Mail Sentinel Anti-Spam and
                Mail Sentinel Anti-Virus licensing codes has been revised.
                GBOS4010003836
                

    8.2 Bug Fixes
    
        8.2.1   Entries in the local allow list are no longer logged as
                blocked when a Surf Sentinel policy match is made using
                the traditional proxy.
                GBOS4010003668
                
        8.2.2   Surf Sentinel now logs when traffic goes to a location
                in local allow or local deny lists. 
                GBOS4010003658
        

9.  VPN

    9.1 Bug Fixes
    
        9.1.1   VPNs now properly connect when the remote network is a
                single IP address.
                GBOS4010003511 
                
        9.1.2   The advanced tab no longer appears when editing an
                existing IPSec tunnel that uses a manual IPSec key mode.
                GBOS4010003827
                
        9.1.3   IPSec tunnels that use a manual IPSec mode and a VPN
                object with AES encryption no longer fail to save.
                GBOS4010001166
                
                
10.  ACTIVITY

    10.1 Modifications
    
        10.1.1  VLAN utilization statistics are now displayed on the
                Network Statistics screen.
                GBOS4010003850

        
11.  OPERATING SYSTEM

    11.1 New Features
    
        11.1.1  Support for the GB-3000 Firewall Appliance added.
                GBOS4010003802
                
    11.2 Modifications
    
        11.2.1  BIND has been upgraded to version 8.4.7.
                GBOS4010003805
                
        11.2.2  H2A High Availability settings are now accessible from
                the System Overview page.
                GBOS4010003667
                
        11.2.3  GB-OS now fully supports Spanish localization.
                GBOS4010003632
                
        11.2.4  ICMP tunnel closes are now forced to port 8.
                GBOS4010003823
                
        11.2.5  The System Overview shortcut is now located next to the
                Global Technology Associates, Inc. logo in the web
                interface.
                GBOS4010003842
                
        11.2.6  All firewall features that require an activation code
                now display a 'Requires activation code' message if no
                code is present.
                GBOS4010003846, GBOS4010003847
        
    11.3 Bug Fixes
    
        11.3.1  GB-OS security policies now coalesce data when
                coalescing has been enabled.
                GBOS4010003712 
                
        11.3.2  Inbound tunnels that require authentication now 
                correctly upgrade from GB-OS 3.6.x and 3.7.x.
                GBOS4010003678
                
        11.3.3  GB-OS now properly enables and disables firewall
                interfaces from the Web interface.
                GBOS4010003640
                
        11.3.4  Static routes with a single IP as the network address
                are no longer verified as the broadcast address.
                GBOS4010003103
        
        11.3.5  SMTP log messages now separate multiple users with a
                comma.
                GBOS4010003722
                
        11.3.6  GB-OS no longer computes the number of allowed
                authenticated users based upon the user licenses count.
                GBOS4010003772
                
        11.3.7  Pass through policies are now applied to bridged
                interfaces.
                GBOS4010003788
                
        11.3.8  GB-OS now only responds to port 113 (ident) on
                pre-existing connections.
                GBOS4010003833
                
        11.3.9  Traffic now properly processed by IP pass through when
                using a VLAN interface.
                GBOS4010003851
                
                
12. UTILITIES

    12.1 Modifications
    
        12.1.1  GTASyslog no longer crashes while it is installing as
                a service.
                GTASyslog2010003861

        
                            
13. RELEASE NOTES HISTORY

    13.1    Previous Release Notes
            These notes cover the 4.0.1 release of GB-OS. Release notes 
            for previous versions can be found at GTA's web site, 
            http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3525 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220

		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.