Global Technology Associates, Inc.
Title: GNAT Box Firewall System Release Notes
Product: GNAT Box System Software Version 3.2.0
Date: 22 May 2001
These Release Notes includes the following sections:
1. System Software
1.1 Bug Fixes
1.2 Enhancements and Changes
2. Services
2.1 Bug Fixes
2.2 Enhancements and Changes
3. User Interfaces - All Interfaces
3.1 Bug Fixes
3.2 Enhancements and Changes
4. GBAdmin User Interface
4.1 Bug Fixes
4.2 Enhancements and Changes
5. Console User Interface
5.1 Bug Fixes
5.2 Enhancements and Changes
6. Web Browser Interface
6.1 Bug Fixes
6.2 Enhancements and Changes
7. Verification
6.1 Bug Fixes
6.2 Enhancements and Changes
----------------------------------------------------------------------
1. System Software
1.1 Bug Fixes
1. VPN connections didn't show up on current statistics windows.
Resolution: Make VPN connections increment/decrement connection
counters.
2. Some IKE implementations do not like ISAKMP connections from other
than UDP port 500.
Resolution: When performing NAT on ISAKMP, force port to be 500.
3. IPSec and PPP didn't interoperate properly.
Resolution: PPP now correctly handles empty IPSec encapsulation packets.
4. Driver for DEC EtherWORKS II/III NICs (le) causing problems with
NE2000 cards.
Resolution: Dropped support for old DEC EtherWORKS II/III NICs.
5. Static address mapping sometimes selected incorrect mapping for
overlapping "from" addresses.
Resolution: Enforce order specified in static address mappings
when checking for a match.
6. Static Address Mapping did not work if the "to" address was a
IP primary address of a NIC.
Resolution: Static Address Mapping now matchs against primary IP
addresses in addition to aliases.
1.2 Enhancements and Changes
1. A filter's index number now appears in log messages.
2. 'PASS' now appears as a facility when logging messages about
IP Pass Through. Previously these messages were logged under the
'NAT' facility.
3. Move 'WWW' after facility field for http accesses.
3. When a 'double NAT' translation occurs the system now hides the source
instead of using beginning of tunnel for source IP address.
4. New three character mnemonics have replaced filter name tags in log
messages.
OBF - Outbound (Outbound Filter)
RAF - Remote access (Remote Access Filter)
PTF - Pass Thru (IP Pass Through Filter)
ATF - Auto (Automatic Filter)
5. Filter messages now include "alarm" mnemonic if alarm was generated by
filter.
2. Services
2.1 Bug Fixes
1. High Availablity - When in HA mode, new aliases are not installed
when saved.
Resolution: Install aliases when saving if master.
2. DHCP Server - Server would not give out addresses when rebooting
if DHCP or PPP enabled for an interface.
Resolution: Fix DHCP server configuration problem when DHCP or
PPP enabled for an interface.
3. VPN - Specifying strong encryption for phase 1, incorrectly attempts
to use AES as a possible encryption method.
Resolution: If strong encryption selected for phase 1, don't
specify AES.
4. VPN - Manual VPNs using objects with multiple members caused error
"file exists" to be displayed.
Resolution: For each manual VPN create the VPN tunnel only once.
5. DNS Server - In some situations multiple instances of the DNS server
were started.
Resolution: Allow only one instance of the DNS server to run.
6. Email Proxy - The results of RDNS lookups being performed by the
SMTP proxy were being truncated to 19 characters.
Resolution: RDNS lookups are no longer truncated.
7. Web Proxy - Traditional WWW proxy occasionally fails when
processing HTTP "POST" commands.
Resolution: HTTP "POST" commands now operate properly with the
Traditional WWW proxy.
8. High Availablity - When using HA, VPNs can continue to use old
keys if the reason for a "master" loosing connectivity is
transitory (for example removing a network cable).
Resolution: If VPNs are configured, flush old keys when
a "slave" system becomes a "master" system.
9. Routing - Email from the Gateway Selector facility always
reports the new default route to be 0.0.0.0.
Resolution: The Gateway Selector facility now sends email
with the correct default route information.
10. Reports - Emailed reports had date and time on the DATE line
in addition to time being on the TIME line.
Resolution: Remove TIME line.
11. DHCP Server - During DHCP lease renewal the server ID field
was incorrectly included in DHCPREQUEST message.
Resolution: If renewing a DHCP lease don't include the
server ID field.
12. Alarms - If DNS is slow to respond or misconfigured, sockets
being used for DNS lookups not being closed.
Resolution: Fix bug in resolver library to close sockets
upon failure as well as success.
2.2 Enhancements and Changes
1. High Availablity - If there is a problem contacting the
high availability beacons, perform a gratuitous ARP
every 2 seconds.
2. High Availablity - If a "not responding" message is logged when a
high available beacon can not be contacted, log a "responding"
message when the same beacon is accessible again.
3. High Availablity - The beacon "not responding" message
has been changed to be logged every 10 seconds. Previously the
message would be logged every 30 seconds.
4. High Availablity - The beacon "not responding" syslog message
priority has been changed to "Warning".
5. VPN - VPN client licensing is now enforced on the firewall.
Previously licensing was enforced on the workstation.
6. VPN - Systems that support mobile VPN clients (GB-100, GB-1000,
and GB-Flash) now support one mobile VPN client connection by
default. Additional concurrent connections require the purchase
of activation codes.
3. User Interface - All User Interfaces
3.1 Bug Fixes
1. When updating a high availability slave the master overwrites
the HA and enterprise "Local IP address".
Resolution: Only update slave's HA configuration with master's HA
configuration data if the slave's HA information is not configured.
Disable HA configuration that is saved to slave.
2. HA mode displays as "slave" for both "slave" and "init" modes.
Resolution: Add support to display the proper mode message.
3. Incoming and outgoing bandwidth utilization show same value.
Resolution: Use number of received bytes instead of number of
sent bytes when calculating incoming bandwidth utilization.
4. The minutes portion of idle time on Active VPN Connections
and Active Connections reports displays incorrectly for idle
times greater than one hour.
Resolution: Subtract hours and days before calculating minutes.
5. The saving of Static Routes fails if any entry is invalid.
Resolution: If there is an error adding a specific static route,
continue to add remainder of the static routes in the table.
3.2 Enhancements and Changes - All User Interfaces
1. Added description field to "Active VPN Connections" report.
2. Added support for protocols defined in protocol list
to inbound tunnels.
3. Added support for PPPoE.
4. Added color to verification. Errors show up in red and
warnings in blue.
5. Locked the "ANY_IP" address object such that it can
not be modified or deleted.
4. GBAdmin User Interface
Note: For those upgrading from a 3.1.x version prior to 3.1.3.
In version 3.1.3 the key exchange mechanism used for encrypted
communications was changed. This made GBAdmin incompatible for
online communications with system software versions prior to 3.1.3.
The web interface can be used to upload and update the new runtime
once the system has been re-booted then version 3.2.0 can be used.
Note: Accessing a version 3.1.3 system using GBAdmin 3.2
If you access a 3.1.3 system with GBAdmin 3.2 the Feature Codes will
not be displayed properly.
4.1 Bug Fixes
1. When loading in a 3.0.3 config the Source for a VPN would
be set to a bogus address.
Resolution: Source VPN address is loaded correctly.
2. Selecting a hash value of "ALL" resulted in verification
warnings about key size being incorrect.
Resolution: Selecting a hash value of "ALL" no longer causes a
verification warning message.
3. When defaulting a section and expert mode is enabled, a
dialog with the message "Are you sure?" would be displayed.
Resolution: The expert mode no longer displays this dialog.
4. Selecting "Active VPNs" caused the RMC server to crash.
Resolution: Selecting "Active VPNs" no longer causes the
RMC server to crash.
5. When viewing log messages the display of the messages is slow.
Resolution: Change buffering mechanism to increase the number of
messages transferred at one time.
6. Sections that aren't valid for a product are showing
up in configuration and verification reports.
Resolution: Verification reports no longer display sections
that do not apply to the selected product.
7. When updating a HA slave preferences are cleared except
serial number.
Resolution: Merge serial number into master's configuration
instead of zeroing information except serial number.
8. Adding new "Address Objects" with the "Insert" key
would cause GBAdmin to crash. Deleting "Address Objects" with
the "Delete" key would cause two items to be deleted.
Resolution: Using the Insert or Delete key in the "Address Objects"
now functions properly.
9. Adding "Address Objects" could cause GBAdmin to crash.
Resolution: Adding "Address Objects" now functions properly.
10. Unable to move rows in "Static Address Mappings" and
"Inbound Tunnels".
Resolution: Moving the rows in the "Static Address Mapping"
and "Inbound Tunnels" sections now functions properly.
11. Sometimes when editing PPP preferences GBAdmin would crash.
Resolution: Editing PPP preferences no longer crashes GBAdmin.
12. When cutting and pasting rows in the filter section the last row
would get the description from the first row.
Resolution: Cutting and pasting rows in the filter section now
functions properly.
14. Merging a configuration overrides the selected product
type with the product type of the configuration.
Resolution: When merging a configuration, preserve the
currently selected product type.
4.2 Enhancements and Changes
5. Console User Interface
5.1 Bug Fixes
1. Restore configuration not working.
Resolution: Make backup correctly set end of backup marker.
2. When defaulting Objects the window is not re-displayed.
Resolution: The Objects window is now re-displayed.
3. Defaulting Remote Administration only defaults port numbers.
Resolution: Make defaulting Remote Administration update all fields.
5.2 Enhancements and Changes
6. Web Browser User Interface
6.1 Bug Fixes
1. The button for changing timezones is showing up on products
that don't support timezones.
Resolution: Removed change timezone button from products that
don't support timezones.
2. In view log messages, messages that begin with a "<" are being
interpreted as HTML tags.
Resolution: Add logic to replace HTML special characters with
corresponding &#xx; sequence.
3. Configurations emailed or downloaded are not setting product type
as expected by GBadmin.
Resolution: Set product type when emailing or downloading a
configuration from the Web Browser interface.
6.2 Enhancements and Changes
7. Verification
7.1 Enhancements and Changes
1. Generate warning message if DNS mail exchanger is not found
or is an alias.
|
|
Copyright © 2013 Global Technology Associates, Inc. All rights reserved.
'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.
