GB-OS FIREWALL SOFTWARE
Author: Global Technology Associates, Inc.
Product: GB-OS version 5.0.0
Date: 11 June 2007
GB-OS version 5.0.0 includes updated versions of the following GTA
products and utilities:
Release notes are located on the installation CD and on GTA's web site.
For more about upgrading related software, see individual product
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
7. SECURITY POLICIES
9. THREAT MANAGEMENT
12. OPERATING SYSTEM
13. RELEASE NOTES HISTORY
1. INSTALL NOTES
1.1 Corrupt Names and Descriptions
GB-OS 5.0 uses the UTF-8 character set, wherein the past previous
versions of GB-OS allowed administrators to select the character
set according to their locale. Before upgrading to GB-OS 5.0, it is
necessary to match your web browser’s character set with the
character set used by GB-OS. In GB-OS 3.x, the default character
set is selected at Basic Configuration>Preferences. In GB-OS
4.0, the default character set is selected at
1.2 Entering New Activation Codes
If upgrading from 4.0.4 or below, new activation codes must be
entered. GB-OS version 5.0.0 is available at no charge to
customers with a GTA support contract or annual maintenance
agreement. Other users should contact their local GTA channel
partner or email firstname.lastname@example.org for information and pricing of
1.3 Upgrading From GB-OS 3.4.0 Through GB-0S 4.0.2
If upgrading from GB-OS 3.4 through GB-OS 4.0.2, it is necessary
to first upgrade to an interim version of GB-OS before
installing GB-OS 5.0. For upgrade instructions, refer to
Reference D in the GB-OS User's Guide.
1.4 Upgrading Hard Drive GB-Ware Installations from 3.4.x to 5.0.0
When upgrading a hard drive GB-Ware firewall from version 3.4.x
1. Back up the firewall configuration.
2. Reinstall the firewall software completely from the CD.
3. Restore the configuration.
The GB-Ware CD image (ISO-9660) is available for download from
GTA's Online Support Center
(https://www.gta.com/support/center/login/). Failure to reinstall
from CD may cause hard drive geometry errors that prevent the
1.5 Upgrade Notes
1.5.1 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
Firewall UTM Appliance may display errors when accessed
using the Web interface. This is expected, these errors are
generated because the browser’s cache is trying to access
files and locations that no longer apply. Click OK to any
displayed errors and refresh the browser window to access
GB-OS 5.0. If the error messages persist, clear your
1.5.2 Default Login and Password Changes
Firewall administrators who have never changed their default
login and password in the Admin Accounts section of GB-OS
3.x will find that their default account’s login information
will no longer work with GB-OS 5.0. After the firewall
administrator has upgraded to GB-OS 5.0, their login and
password will both default to "fwadmin".
1.5.3 GB-250 Upgrade Notice
GB-250 Firewall UTM Appliances may reboot multiple times,
and may install GB-OS 5.0 on both memory slices during the
upgrade process. It is important that administrators DO NOT
shut down their firewall when upgrading to GB-OS 5.0. If
GB-OS 5.0 is installed on both memory slices, it will not be
possible to revert back to the previously installed version
1.5.4 GB Commander 1.1 No Longer Supported
GTA Firewall UTM Appliances operating GB-OS 5.0 do not
support GB Commander 1.1. As such, GB Commander 1.1
administrators will no longer be able to monitor firewalls
that have been upgraded to GB-OS 5.0.
Administrators of GTA firewalls monitored by GB Commander
1.1 may either upgrade their firewalls to GB-OS 5.0 and lose
GB Commander support or they may wait until GB Commander 2.0
has been released before they upgrade their firewalls to
1.5.5 VPN Object Names
Previously defined VPN objects will have the GB-OS version
number appended to their name after the GTA firewall has
been upgraded to version 5.0. For example, a VPN object
with a name of IKE in GB-OS 3.7.0 will be named IKE_370
after the upgrade.
1.5.6 Service Group Object Modifications
The built-in DNS Zone service group object has been merged
with the DNS Lookups service group object. Therefore,
configurations that reference the now defunct DNS Zone
service group object will need to be updated to reference
the DNS Lookups service group object.
1.6 Platform Independent Web Interface
GB-OS 5.0 includes a platform independent web interface which
provides an improved workflow, user-friendly design with
enhanced features such as offline configuration and verification
using GB-OS 5.0's Test Mode. GBAdmin is not supported in
GB-OS 4.0 and above.
1.7 SSL Certificate Replacement
GB-OS version 5.0.0 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
2.1.1 Configuration settings for date, time, time zone, and NTP
added to the Basic Setup Wizard.
2.1.2 Switching between Live and Test mode can no longer be
performed until the Basic Setup Wizard has been
cancelled or it has been run to enter initial settings.
2.1.3 External PPTP interfaces generated by the Basic Setup
Wizard are now named EXT_PPTP.
2.2 Bug Fixes
2.2.1 External PPTP interfaces generated by the Basic Setup
Wizard are now assigned to eth1.
3.1 New Features
3.1.1 GB-OS configurations are now imported and exported as
3.1.2 Configuration files can be exported manually by
appending /config to the firewall's URL, or
automatically by placing the URL with /config appended
in a script.
3.1.3 GB-OS configurations can now be encrypted and archived
when emailed from the Web interface.
3.2.1 The Audit Events log now records when a Live or
Test mode configuration has been exported.
3.2.2 The Audit Events log now records the sender and
recipient when a GB-OS configuration is emailed.
4.1 New Features
4.1.1 GB-OS now keeps record of administrator access history
in the System Overview screen.
4.1.2 GB-OS now automatically generates an address object
named 'Protected Networks' that defines all protected
networks if the object is not present.
4.2.1 The Audit Events section of the System Overview screen
now recalls its previous state.
4.2.2 Built-in, uneditable service group objects have been
updated to include new services and revised
GBOS5000004441, GBOS5000004085, GBOS5000004186,
4.3.1 Date and time settings can no longer be configured when
working in Test mode.
4.3.2 Time zone settings in the Date/Time screen are now
configured using a pull down menu.
4.3.3 The default address object 'Email Abuse Lists' now uses
zen.spamhaus.org and list.dsbl.org.
4.4 Bug Fixes
4.4.1 Address objects and service group objects no longer
disallow entry of user-defined settings if a predefined
setting has already been selected.
5.1 New Features
5.1.1 Remote administration sessions can now be timed out
after 60 minutes of inactivity.
5.2.1 Summaries of configured groups now display index
numbers for subgroups and no longer display a configured
VPN object if Mobile VPN settings have been disabled.
GBOS5000004083, GBOS5000004084, GBOS5000004192,
5.2.2 GB-OS now uses UTF-8 character encoding. The ability
to define a localized character in the Account
Preferences screen has been removed.
5.3.1 Configurations settings for GB-OS administrators now
contain a Description field.
6.1.1 Configuration settings for network timeouts have moved
6.2 Bug Fixes
6.2.1 GB-OS no longer crashes when network interfaces are
6.2.2 GB-OS no longer crashes when more than twenty VLAN
interfaces have been configured.
6.2.3 The PPPoE Provider field is no longer displayed when
configuring a serial PPP connection.
6.2.4 GB-OS now properly routes gateway policy traffic
through VLAN interfaces.
7. SECURITY POLICIES
7.1 New Features
7.1.1 TCP SYN cookies can now be applied to remote access and
pass through security policies.
8.1 New Features
8.1.1 Network time servers can now be defined when creating a
DHCP address range.
8.1.2 The DHCP service now allows for the configuration of
8.1.3 The SNMP service now transmits statistics on configured
8.2.1 H2A - High Availability updates of slave systems are
now performed using Web interface administration port
(TCP port 443).
8.3 Bug Fixes
8.3.1 The DHCP service no longer fails when network, alias,
or VLAN configuration settings are saved.
8.3.2 GB-OS no longer crashes when the DHCP service is
enabled and runt packets are passing through the
8.3.3 Aliases and security policies configured to use a VLAN
interface no longer fail when GB-OS switches between
H2A – High Availability modes.
9. THREAT MANAGEMENT
9.1 New Features
9.1.1 Added an Intrusion Prevention System.
9.1.2 Support for greylisting added to Mail Sentinel
9.2.1 Configuration settings for Surf Sentinel policies are
now similar to other GB-OS configuration areas.
9.3 Bug Fixes
9.3.1 The Surf Sentinel proxy no longer performs a core dump
during latency calculations.
10.1 New Features
10.1.1 X.509 certificate support added for VPN authentication.
10.1.2 IKE VPN connections can now remain active using keep
10.1.3 Support added for network address translation through
10.1.4 Pings through a VPN to a GTA Firewall UTM Appliance
are not dropped if GB-OS is operating in stealth mode.
10.2.1 The GB-250e Firewall UTM Appliance now blocks ping
packets larger than 1,200 bytes through a VPN bound for
10.3 Bug Fixes
10.3.1 GB-OS now properly preserves VPN identity types during
the upgrade process.
10.3.2 IKE VPN connections now properly work over VLAN
10.3.3 GB-OS now properly initializes all ports used during VPN
11.1.1 Mail Sentinel Anti-Virus statistics have been
reorganized to better present displayed data.
12. OPERATING SYSTEM
12.1 New Features
12.1.1 Icons now display the verification status of a
configuration screen from within the menu of the Web
interface. Icon states are verified (green), warning
(yellow), and error (red).
12.1.2 The Hints section of the Web interface can now be hidden
to increase the display area for configuration settings.
12.1.3 Support added for SATA hard disk drives.
12.1.4 Support added for TCP window scaling when TCP SYN
cookies are in use.
12.2.1 Verification of configuration settings has been improved.
GBOS5000004390, GBOS5000004419, GBOS5000004323,
GBOS5000003989, GBOS5000004245, GBOS5000004251,
GBOS5000003831, GBOS5000004023, GBOS5000003601,
GBOS5000003964, GBOS5000004386, GBOS5000004120
12.2.2 The GB-OS Web interface now includes new techniques to
improve display performance.
12.2.3 The GB-OS Web interface now includes a restyled
12.2.4 Improved support for the Intel 82571EB chipset.
12.3.1 GB-Ware is now a single runtime image. Settings to
change access to the Console interface and to update the
master boot record are now made from the Web interface.
12.3.1 Support for ISA Ethernet adapters has been removed.
12.3.2 BIND has been upgraded to version 9.4.1.
12.4 Bug Fixes
12.4.1 The GB-250's network interface card drivers have been
updated to allow full duplex speeds when configured to
operate at full duplex.
13. RELEASE NOTES HISTORY
13.1 Previous Release Notes
These notes cover the 5.0.0 release of GB-OS. Release notes
for previous versions can be found at GTA's web site,
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817