Unified Threat Management - Support | GTA, Inc.

		Global Technology Associates, Inc.

   Title: GNAT Box Firewall System Release Notes
 Product: GNAT Box System Software Version 3.2.0
    Date: 22 May 2001

These Release Notes includes the following sections:

1. System Software
    1.1 Bug Fixes
    1.2 Enhancements and Changes

2. Services
    2.1 Bug Fixes
    2.2 Enhancements and Changes

3. User Interfaces - All Interfaces
    3.1 Bug Fixes
    3.2 Enhancements and Changes

4. GBAdmin User Interface
    4.1 Bug Fixes
    4.2 Enhancements and Changes

5. Console User Interface
    5.1 Bug Fixes
    5.2 Enhancements and Changes

6. Web Browser Interface
    6.1 Bug Fixes
    6.2 Enhancements and Changes

7. Verification 
    6.1 Bug Fixes
    6.2 Enhancements and Changes

----------------------------------------------------------------------
1. System Software
1.1 Bug Fixes

  1. VPN connections didn't show up on current statistics windows.  

     Resolution: Make VPN connections increment/decrement connection 
     counters.

  2. Some IKE implementations do not like ISAKMP connections from other 
     than UDP port 500.

     Resolution: When performing NAT on ISAKMP, force port to be 500.

  3. IPSec and PPP didn't interoperate properly.

     Resolution: PPP now correctly handles empty IPSec encapsulation packets.

  4. Driver for DEC EtherWORKS II/III NICs (le) causing problems with 
     NE2000 cards.  

     Resolution: Dropped support for old DEC EtherWORKS II/III NICs.

  5. Static address mapping sometimes selected incorrect mapping for 
     overlapping "from" addresses.

     Resolution: Enforce order specified in static address mappings 
     when checking for a match.

  6. Static Address Mapping did not work if the "to" address was a 
     IP primary address of a NIC.

     Resolution: Static Address Mapping now matchs against primary IP 
     addresses in addition to aliases.


1.2 Enhancements and Changes

  1. A filter's index number now appears in log messages.  

  2. 'PASS' now appears as a facility when logging messages about 
     IP Pass Through.  Previously these messages were logged under the
     'NAT' facility. 

  3.  Move 'WWW' after facility field for http accesses.

  3. When a 'double NAT' translation occurs the system now hides the source 
     instead of using beginning of tunnel for source IP address.

  4. New three character mnemonics have replaced filter name tags in log
     messages.
     OBF - Outbound (Outbound Filter)
     RAF - Remote access (Remote Access Filter)
     PTF - Pass Thru  (IP Pass Through Filter)
     ATF - Auto  (Automatic Filter) 

  5. Filter messages now include "alarm" mnemonic if alarm was generated by
     filter.


2. Services
2.1 Bug Fixes

    1. High Availablity - When in HA mode, new aliases are not installed 
       when saved.  

       Resolution: Install aliases when saving if master.

    2. DHCP Server - Server would not give out addresses when rebooting 
       if DHCP or PPP enabled for an interface.  

       Resolution: Fix DHCP server configuration problem when DHCP or 
       PPP enabled for an interface.

    3. VPN - Specifying strong encryption for phase 1, incorrectly attempts
       to use AES as a possible encryption method.

       Resolution: If strong encryption selected for phase 1, don't 
       specify AES.

    4. VPN - Manual VPNs using objects with multiple members caused error 
       "file exists" to be displayed.

       Resolution: For each manual VPN create the VPN tunnel only once.

    5. DNS Server - In some situations multiple instances of the DNS server
       were started.

       Resolution: Allow only one instance of the DNS server to run.

    6. Email Proxy - The results of RDNS lookups being performed by the 
       SMTP proxy were being truncated to 19 characters.

       Resolution: RDNS lookups are no longer truncated.  

    7. Web Proxy - Traditional WWW proxy occasionally fails when 
       processing HTTP "POST" commands.

       Resolution: HTTP "POST" commands now operate properly with the
       Traditional WWW proxy. 

    8. High Availablity - When using HA, VPNs can continue to use old 
       keys if the reason for a "master" loosing connectivity is 
       transitory (for example removing a network cable).

       Resolution: If VPNs are configured, flush old keys when 
       a "slave" system becomes a "master" system.

    9. Routing - Email from the Gateway Selector facility always 
       reports the new default route to be 0.0.0.0.

       Resolution: The Gateway Selector facility now sends email 
       with the correct default route information.

   10. Reports - Emailed reports had date and time on the DATE line 
       in addition to time being on the TIME line.

       Resolution: Remove TIME line.

   11. DHCP Server - During DHCP lease renewal the server ID field 
       was incorrectly included in DHCPREQUEST message.

       Resolution: If renewing a DHCP lease don't include the
       server ID field.  

   12. Alarms - If DNS is slow to respond or misconfigured, sockets
       being used for DNS lookups not being closed.

       Resolution: Fix bug in resolver library to close sockets
       upon failure as well as success.


2.2 Enhancements and Changes
    1. High Availablity - If there is a problem contacting the 
       high availability beacons, perform a gratuitous ARP 
       every 2 seconds.

    2. High Availablity - If a "not responding" message is logged when a 
       high available beacon can not be contacted, log a "responding" 
       message when the same beacon is accessible again.

    3. High Availablity - The beacon "not responding" message 
       has been changed to be logged every 10 seconds.  Previously the
       message would be logged every 30 seconds. 

    4. High Availablity - The beacon "not responding" syslog message 
       priority has been changed to "Warning".

    5. VPN - VPN client licensing is now enforced on the firewall. 
       Previously licensing was enforced on the workstation.

    6. VPN - Systems that support mobile VPN clients (GB-100, GB-1000,
       and GB-Flash) now support one mobile VPN client connection by
       default.  Additional concurrent connections require the purchase
       of activation codes.

3. User Interface - All User Interfaces
3.1 Bug Fixes

    1. When updating a high availability slave the master overwrites 
       the HA and enterprise "Local IP address".

       Resolution: Only update slave's HA configuration with master's HA
       configuration data if the slave's HA information is not configured. 
       Disable HA configuration that is saved to slave.

    2. HA mode displays as "slave" for both "slave" and "init" modes.

       Resolution: Add support to display the proper mode message.

    3. Incoming and outgoing bandwidth utilization show same value.

       Resolution: Use number of received bytes instead of number of 
       sent bytes when calculating incoming bandwidth utilization.

    4. The minutes portion of idle time on Active VPN Connections 
       and Active Connections reports displays incorrectly for idle 
       times greater than one hour.

       Resolution: Subtract hours and days before calculating minutes.

    5. The saving of Static Routes fails if any entry is invalid.

       Resolution: If there is an error adding a specific static route, 
       continue to add remainder of the static routes in the table.

3.2 Enhancements and Changes - All User Interfaces

    1. Added description field to "Active VPN Connections" report.

    2. Added support for protocols defined in protocol list
       to inbound tunnels.

    3. Added support for PPPoE.

    4. Added color to verification. Errors show up in red and
       warnings in blue.

    5. Locked the "ANY_IP" address object such that it can
       not be modified or deleted.

4. GBAdmin User Interface
   Note: For those upgrading from a 3.1.x version prior to 3.1.3.

   In version 3.1.3 the key exchange mechanism used for encrypted 
   communications was changed. This made GBAdmin incompatible for 
   online communications with system software versions prior to 3.1.3.
   The web interface can be used to upload and update the new runtime
   once the system has been re-booted then version 3.2.0 can be used. 

   Note: Accessing a version 3.1.3 system using GBAdmin 3.2 
   If you access a 3.1.3 system with GBAdmin 3.2 the Feature Codes will
   not be displayed properly.

4.1 Bug Fixes

    1.  When loading in a 3.0.3 config the Source for a VPN would 
        be set to a bogus address.

        Resolution: Source VPN address is loaded correctly. 

    2.  Selecting a hash value of "ALL" resulted in verification
        warnings about key size being incorrect.

        Resolution: Selecting a hash value of "ALL" no longer causes a
        verification warning message.

    3.  When defaulting a section and expert mode is enabled, a
        dialog with the message "Are you sure?" would be displayed.

        Resolution: The expert mode no longer displays this dialog. 

    4.  Selecting "Active VPNs" caused the RMC server to crash.

        Resolution: Selecting "Active VPNs" no longer causes the 
	RMC server to crash.

    5.  When viewing log messages the display of the messages is slow.

        Resolution: Change buffering mechanism to increase the number of
        messages transferred at one time.

    6.  Sections that aren't valid for a product are showing
        up in configuration and verification reports.

        Resolution: Verification reports no longer display sections 
        that do not apply to the selected product.

    7.  When updating a HA slave preferences are cleared except 
        serial number.

        Resolution: Merge serial number into master's configuration 
        instead of zeroing information except serial number.

    8.  Adding new "Address Objects" with the "Insert" key
        would cause GBAdmin to crash. Deleting "Address Objects" with 
        the "Delete" key would cause two items to be deleted.
 
        Resolution: Using the Insert or Delete key in the "Address Objects"
        now functions properly.

    9.  Adding "Address Objects" could cause GBAdmin to crash.

        Resolution: Adding "Address Objects" now functions properly.

    10. Unable to move rows in "Static Address Mappings" and 
        "Inbound Tunnels".

        Resolution: Moving the rows in the "Static Address Mapping" 
	and "Inbound Tunnels" sections now functions properly.

    11. Sometimes when editing PPP preferences GBAdmin would crash.

        Resolution:  Editing PPP preferences no longer crashes GBAdmin.

    12. When cutting and pasting rows in the filter section the last row 
        would get the description from the first row.

        Resolution: Cutting and pasting rows in the filter section now
	functions properly.

    14.  Merging a configuration overrides the selected product
         type with the product type of the configuration.

         Resolution:  When merging a configuration, preserve the 
	 currently selected product type.

4.2  Enhancements and Changes

5. Console User Interface
5.1  Bug Fixes

     1.  Restore configuration not working.

         Resolution: Make backup correctly set end of backup marker.

     2.	 When defaulting Objects the window is not re-displayed. 

         Resolution: The Objects window is now re-displayed. 

     3.	 Defaulting Remote Administration only defaults port numbers.

         Resolution: Make defaulting Remote Administration update all fields.

5.2 Enhancements and Changes

6. Web Browser User Interface
6.1 Bug Fixes

    1.  The button for changing timezones is showing up on products 
        that don't support timezones.

        Resolution: Removed change timezone button from products that 
	don't support timezones.

    2.  In view log messages, messages that begin with a "<" are being 
        interpreted as HTML tags.  
	
	Resolution: Add logic to replace HTML special characters with
        corresponding &#xx; sequence.

    3.  Configurations emailed or downloaded are not setting product type 
        as expected by GBadmin.

        Resolution: Set product type when emailing or downloading a 
	configuration from the Web Browser interface.

6.2 Enhancements and Changes

7. Verification 
7.1 Enhancements and Changes
    1.  Generate warning message if DNS mail exchanger is not found 
        or is an alias.		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.