Unified Threat Management - Support | GTA, Inc.

		                         GB-OS FIREWALL SOFTWARE
                            VERSION 4.0.2
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 4.0.2
Date:       14 September 2006

-------------------------------------------------------------------------
GB-OS version 4.0.2 includes updated versions of the following GTA
products and utilities:

    GB-OS 4.0.2

Release notes are located on the installation CD and on GTA's web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  SYSTEM

3.  NETWORK

4.  SECURITY POLICIES

5.  SERVICES

6.  THREAT MANAGEMENT

7.  VPN

8.  ACTIVITY

9.  TOOLS

10. OPERATING SYSTEM

11. UTILITIES

12. RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 3.7.2 or below, new activation codes must be
        entered. GB-OS version 4.0.2 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement, or who purchased a GTA firewall operating on GB-OS
        version 4.0.0. Other users should contact their local 
        GTA channel partner or email sales@gta.com for information and
        pricing of upgrade options.
        
    1.2 Upgrading from GB-OS 3.5 or Below
    
        If upgrading from GB-OS 3.5 or below, it is necessary to first
        upgrade to an interim version of GB-OS before installing GB-OS
        4.0.  For upgrade instructions, refer to Reference D in the
        GB-OS User's Guide.

    1.3 Upgrading Hard Drive GB-Ware Installations from 3.5.x to 4.0.2

        When upgrading a hard drive GB-Ware firewall from version 3.5.x 
        to 4.0.2:

            1.  Back up the firewall configuration.
            2.  Reinstall the firewall software completely from the CD.
            3.  Restore the configuration.

        The GB-Ware CD image (ISO-9660) is available for download from 
        GTA's Online Support Center 
        (https://www.gta.com/support/center/login/). Failure to reinstall
        from CD may cause hard drive geometry errors that prevent the 
        upgrade.
        
    1.4 Upgrading from GB-OS 3.7.2 and Below    
        
      1.4.1 Error Messages Upon Initial Reboot
    
            Upon rebooting after successful installation, the GTA
            firewall may display errors when accessed using the Web
            interface. This is expected, these errors are generated
            because the browser's cache is trying to access files and
            locations that no longer apply. Click OK to any displayed
            errors and refresh the browser window to access GB-OS 4.0.
            If the error messages persist, clear your browser's cache.
        
      1.4.2 Default Login and Password Changes
        
            Firewall administrators who have never changed their default
            login and password in the Admin Accounts section of GB-OS
            3.x will find that their default account's login information
            will no longer work with GB-OS 4.0.  After the firewall
            administrator has upgraded to GB-OS 4.0, their login and
            password will both default to "fwadmin".
            
      1.4.3 User Group Assignments When Upgrading From Previous Versions
    
            When upgrading to GB-OS 4.0.2, users will automatically be
            organized into groups based on the name of the their VPN
            object. For example, a user that made use of a VPN object
            with a name of Marketing Department will be assigned to a
            group named Marketing Department, while a user that made use
            of a VPN object with the name of MOBILE will be assigned to
            a group named MOBILE.
            Users that have no VPN object assigned to them will be
            organized into groups based on the GB-OS version that the
            administrator is upgrading from, such as Users_372.
            
      1.4.4 Static Gateway to Static Gateway VPN Failure
    
            Firewall administrators that have a configured VPN between
            two static gateways may find that their VPN no longer
            functions after they have upgraded to GB-OS 4.0.  This is
            caused when the firewall administrator had a local identity
            configured in the Authorization>VPN section on their GTA
            firewall before it was upgraded to GB-OS 4.0.  GB-OS
            versions prior to GB-OS 4.0 ignored this field when a static
            gateway to static gateway VPN was configured; in GB-OS 4.0,
            the local identity is recognized and can result in a failure
            when a VPN connection previously worked. To correct this
            issue, simply navigate to Configuration>VPN>IPSec Tunnels
            and edit the IPSec tunnel in question by setting the local
            identity to IP Address. 
            
      1.4.5 Restrictive VPN Configurations
    
            When upgrading to GB-OS 4.0, firewall administrators may
            need to rebuild their VPN policies.  In previous versions of
            GB-OS, VPN access was controlled using pass through filters.
            In GB-OS 4.0, VPN access is controlled using VPN policies
            which allow all VPN traffic by default. Firewall
            administrators who have upgraded to GB-OS 4.0 will need to
            manually recreate any restrictive VPN policies.
            
      1.4.6 VPN Object Names
    
            Previously defined VPN objects will have the GB-OS version
            number appended to their name after the GTA firewall has
            been upgraded to version 4.0.  For example, a VPN object
            with a name of IKE in GB-OS 3.7.0 will be named IKE_370
            after the upgrade.
            
      1.4.7 Address Object Identification

            Previously defined address objects that were of type IP
            Addresses will be re-categorized as being of type All after
            the GTA firewall has been upgraded to version 4.0.
            
    1.5 Upgrading from GB-OS 4.0.0 or 4.0.1
    
      1.5.1 Service Group Object Modifications
          
          The built-in DNS Zone service group object has been merged
          with the DNS Lookups service group object.  Because of this
          merger, configurations that reference the now defunct DNS Zone
          service group object will need to updated to reference the DNS
          Lookups service group object.    
        
    1.6 Platform Independent Web Interface
    
        GB-OS 4.0 includes a platform independent web interface which
        provides an improved workflow, user-friendly design with
        enhanced features such as offline configuration and verification
        using GB-OS 4.0's Test Mode. GBAdmin is not supported by
        GB-OS 4.0.

    1.7 SSL Certificate Replacement

        GB-OS version 4.0.2 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  SYSTEM

    2.1 Modifications
    
        2.1.1   Misspellings of built-in service group object
                descriptions have been corrected.
                GBOS4020003874
                
        2.1.2   The built-in LDAP service group object now uses TCP
                port 389.
                GBOS4020003930
                
        2.1.2   The built-in DNS Zone service group object has been
                merged with the DNS Lookups service group object to
                allow DNS lookups using TCP.
                GBOS4020003916
                
        2.1.3   User defined service group fields now allow for the
                entry of up to twelve port values separated by
                commas.
                GBOS4020003976        

                
3.  NETWORK

    3.1 Modifications
    
        3.1.1   Text fields in the Timeouts section under the advanced
                tab of the Network Settings screen now accept values 
                up to 99999.
                GBOS4020003864
                
        3.1.2   Inbound tunnels that are not configured to
                automatically accept all policies do not allow the
                configuration of advanced options and traffic shaping.
                GBOS4020003860
                
        3.1.3   Static mappings can now have their destination assigned
                to High Availability interfaces. 
                GBOS4020003902
                
        3.1.4   GB-OS now requires static mappings to have an object
                selected in the From or To fields.
                GBOS4020003898
                
        3.1.5   The PPP section's defaults for transport type are now
                'PPPoE' with a connection type of 'Dedicated'.
                GBOS4020003946      
        

    3.2 Bug Fixes       
                
        3.2.1   GB-OS now forces version 4 IP addresses when resolving
                NTP servers.
                GBOS4020003891  


4.  SECURITY POLICIES

    4.1 New Features
    
        4.1.1   A detailed security policy list is now available by
                appending '?details' to the firewall’s URL.
                GBOS4020003885
                 
                 
5.  SERVICES

    5.1 Modifications
    
        5.1.1   MAC addresses are now normalized by converting dashes
                (-) to colons (:) before DHCP static leases are saved.
                GBOS4020003537
                
    5.2 Bug Fixes
    
        5.2.1   The Dynamic DNS service now uses the local IP address
                instead of the remote IP address when PPPoE is used.
                GBOS4020003974
                
        5.2.2   The Dynamic DNS service now correctly reports a dynamic
                IP address when aliases are used by the firewall.
                GBOS4020003975  
                    
                   
6.  THREAT MANAGEMENT

    6.1 Modifications
    
        6.1.1   The Mail Sentinel policy list now uses accept/deny
                icons to visually indicate the nature of configured
                policies.
                GBOS4020003915
                
        6.1.2   The Surf Sentinel policy list now displays a summary
                view of configured policies' source, facilities and
                descripton.
                GBOS4020003956
                
    6.2 Bug Fixes
    
        6.2.1   
                The Surf Sentinel Transparent Proxy no longer crashes
                when a local allow/deny list containing more than 50
                entries is used.
                GBOS4020003948
       

7.  VPN

    7.1 Bug Fixes
    
        7.1.1   GB-OS no longer forces a default hash algorithm upon
                defined VPNs when upgrading from version 3.x.
                GBOS4020003879
               
                
8.  ACTIVITY

    8.1 Modifications
    
        8.1.1   The Rules table in the Mail Sentinel section of the
                Threat Management Statistics screen has been renamed 
                to Policy.
                GBOS4020003873
                
9.  TOOLS

    9.1 Bug Fixes
    
        9.1.1   The Ping and Traceroute tools now use the selected
                binding interface.
                GBOS4020003936

            
10. OPERATING SYSTEM

    10.1 New Features
    
        10.1.1  Selecting a menu item from the navigation menu causes
                the selection to be highlighted in red.  The menu item
                remains highlighted until a new selection is made.
                GBOS4020003899
                
        10.1.2  Advanced tabs now recall their open/closed state for
                their current session.
                GBOS4020003892
                
        10.1.3  Items last edited within a list are now automatically
                highlighted when the list is displayed.
                GBOS4020003884
                
    10.2 Enhancements
    
        10.2.1  Verification of configuration settings has been
                improved.
                GBOS4020003898, GBOS4020003933, GBOS4020003939, 
                GBOS4020003932, GBOS4020003940, GBOS4020003953
                  
    10.3 Modifications
    
        10.3.1  GB-OS now generates SSL certificates with an issuer of
                'unknown' when no hostname has been defined.
                GBOS4020003905
                
        10.3.2  The Basic Setup Wizard now generates a new SSL
                certificate when completed.
                GBOS4020003907
                
        10.3.3  Hints have been updated and improved.
                GBOS4020003923, GBOS4020003468, GBOS4020003520
                
        10.3.4  GB-OS no longer allows nesting objects within
                themselves.
                GBOS4020003929
                
        10.3.5  The Verify screen has moved from
                Configuration>Configuration>Verify to
                Configuration>Verify.
                GBOS4020003928
                
        10.3.6  The default protocol is now TCP when the firewall
                administrator manually defines a service.
                GBOS4020003966
                
        10.3.7  Disabled objects are no longer excluded from pulldown
                lists.
                GBOS4020003938        
   
    10.4 Bug Fixes
    
        10.4.1  Sorting now uses a stable comparision.
                GBOS4020003881
                
        10.4.2  A memory leak no longer occurs when VLAN statistics
                are being collected.
                GBOS4020003520, GBOS4020003896
                
        10.4.3  Uploading files of 5MB or greater using SSL with the
                traditional proxy and connection speeds of 512Kbps or
                less no longer fail.
                GBOS4020003904
        
        10.4.4  Text fields are now displayed for manual configuration
                if no applicable address objects have been defined and
                 is the only option available from
                pulldown lists.
                GBOS4020003935
                
        10.4.5  GB-OS no longer improperly references service group
                objects that were created during the upgrade process
                from GB-OS 3.6 or 3.7 to GB-OS 4.0.
                GBOS4020003937
                
        10.4.6  GB-OS no longer strips the leading and trailing white
                spaces from uploads with binary data.
                GBOS4020003692
                
        10.4.7  Inbound tunnels and security policies with user
                defined IP protocols are now correctly saved.
                GBOS4020003967      
    
                
12. RELEASE NOTES HISTORY

    12.1    Previous Release Notes
            These notes cover the 4.0.2 release of GB-OS. Release notes 
            for previous versions can be found at GTA's web site, 
            http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3525 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220

		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.