Unified Threat Management - Support | GTA, Inc.

		
GB-OS FIREWALL SOFTWARE
VERSION 5.0.0
RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 5.0.0
Date:       11 June 2007

-------------------------------------------------------------------------
GB-OS version 5.0.0 includes updated versions of the following GTA
products and utilities:

    GB-OS                       5.0.0

Release notes are located on the installation CD and on GTA's web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  WIZARDS

3.  CONFIGURATION

4.  SYSTEM

5.  ACCOUNTS

6.  NETWORK

7.  SECURITY POLICIES

8.  SERVICES

9.  THREAT MANAGEMENT

10. VPN

11. ACTIVITY

12. OPERATING SYSTEM

13. RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Corrupt Names and Descriptions
      
       GB-OS 5.0 uses the UTF-8 character set, wherein the past previous
       versions of GB-OS allowed administrators to select the character
       set according to their locale. Before upgrading to GB-OS 5.0, it is
       necessary to match your web browser’s character set with the
       character set used by GB-OS.  In GB-OS 3.x, the default character
       set is selected at Basic Configuration>Preferences.  In GB-OS
       4.0, the default character set is selected at
       Configuration>Accounts>Preferences.

    1.2 Entering New Activation Codes
    
        If upgrading from 4.0.4 or below, new activation codes must be
        entered. GB-OS version 5.0.0 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement. Other users should contact their local GTA channel
        partner or email sales@gta.com for information and pricing of
        upgrade options.
        
    1.3 Upgrading From GB-OS 3.4.0 Through GB-0S 4.0.2
    
        If upgrading from GB-OS 3.4 through GB-OS 4.0.2, it is necessary
        to first upgrade to an interim version of GB-OS before
        installing GB-OS 5.0.  For upgrade instructions, refer to
        Reference D in the GB-OS User's Guide.

    1.4 Upgrading Hard Drive GB-Ware Installations from 3.4.x to 5.0.0

        When upgrading a hard drive GB-Ware firewall from version 3.4.x 
        to 5.0.0:

            1.  Back up the firewall configuration.
            2.  Reinstall the firewall software completely from the CD.
            3.  Restore the configuration.

        The GB-Ware CD image (ISO-9660) is available for download from 
        GTA's Online Support Center 
        (https://www.gta.com/support/center/login/). Failure to reinstall
        from CD may cause hard drive geometry errors that prevent the 
        upgrade.
        
    1.5 Upgrade Notes   
        
      1.5.1 Error Messages Upon Initial Reboot
    
            Upon rebooting after successful installation, the GTA
            Firewall UTM Appliance may display errors when accessed
            using the Web interface.  This is expected, these errors are
            generated because the browser’s cache is trying to access
            files and locations that no longer apply. Click OK to any
            displayed errors and refresh the browser window to access
            GB-OS 5.0. If the error messages persist, clear your
            browser’s cache.

      1.5.2 Default Login and Password Changes
        
            Firewall administrators who have never changed their default
            login and password in the Admin Accounts section of GB-OS
            3.x will find that their default account’s login information
            will no longer work with GB-OS 5.0.  After the firewall
            administrator has upgraded to GB-OS 5.0, their login and
            password will both default to "fwadmin".
            
      1.5.3 GB-250 Upgrade Notice
      
            GB-250 Firewall UTM Appliances may reboot multiple times,
            and may install GB-OS 5.0 on both memory slices during the
            upgrade process.  It is important that administrators DO NOT
            shut down their firewall when upgrading to GB-OS 5.0.  If
            GB-OS 5.0 is installed on both memory slices, it will not be
            possible to revert back to the previously installed version
            of GB-OS.
            
      1.5.4 GB Commander 1.1 No Longer Supported
      
            GTA Firewall UTM Appliances operating GB-OS 5.0 do not
            support GB Commander 1.1. As such, GB Commander 1.1
            administrators will no longer be able to monitor firewalls
            that have been upgraded to GB-OS 5.0.
            
            Administrators of GTA firewalls monitored by GB Commander
            1.1 may either upgrade their firewalls to GB-OS 5.0 and lose
            GB Commander support or they may wait until GB Commander 2.0
            has been released before they upgrade their firewalls to
            GB-OS 5.0.
                      
      1.5.5 VPN Object Names
    
            Previously defined VPN objects will have the GB-OS version
            number appended to their name after the GTA firewall has
            been upgraded to version 5.0.  For example, a VPN object
            with a name of IKE in GB-OS 3.7.0 will be named IKE_370
            after the upgrade.
          
      1.5.6 Service Group Object Modifications
          
            The built-in DNS Zone service group object has been merged
            with the DNS Lookups service group object.  Therefore,
            configurations that reference the now defunct DNS Zone
            service group object will need to be updated to reference
            the DNS Lookups service group object.    
        
    1.6 Platform Independent Web Interface
    
        GB-OS 5.0 includes a platform independent web interface which
        provides an improved workflow, user-friendly design with
        enhanced features such as offline configuration and verification
        using GB-OS 5.0's Test Mode. GBAdmin is not supported in
        GB-OS 4.0 and above.

    1.7 SSL Certificate Replacement

        GB-OS version 5.0.0 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  WIZARDS
    
    2.1 Modifications
    
        2.1.1   Configuration settings for date, time, time zone, and NTP
                added to the Basic Setup Wizard.
                GBOS5000003990
              
        2.1.2   Switching between Live and Test mode can no longer be
                performed until the Basic Setup Wizard has been
                cancelled or it has been run to enter initial settings.
                GBOS5000004123
                
        2.1.3   External PPTP interfaces generated by the Basic Setup
                Wizard are now named EXT_PPTP.              
                GBOS5000004322, GBOS5000004314      
                
    2.2 Bug Fixes
    
        2.2.1   External PPTP interfaces generated by the Basic Setup
                Wizard are now assigned to eth1.
                GBOS5000004313

3.  CONFIGURATION

    3.1 New Features
    
        3.1.1   GB-OS configurations are now imported and exported as
                XML files.
                GBOS5000002253, GBOS5000002542
                
        3.1.2   Configuration files can be exported manually by
                appending /config to the firewall's URL, or
                automatically by placing the URL with /config appended
                in a script.
                GBOS5000004228
                
        3.1.3   GB-OS configurations can now be encrypted and archived
                when emailed from the Web interface.
                GBOS5000004210      

    3.2 Enhancements
    
        3.2.1   The Audit Events log now records when a Live or
                Test mode configuration has been exported.
                GBOS5000004150
                
        3.2.2   The Audit Events log now records the sender and
                recipient when a GB-OS configuration is emailed.
                GBOS5000004149


4.  SYSTEM

    4.1 New Features
    
        4.1.1   GB-OS now keeps record of administrator access history
                in the System Overview screen.
                GBOS5000004357
                
        4.1.2   GB-OS now automatically generates an address object
                named 'Protected Networks' that defines all protected
                networks if the object is not present.
                GBOS5000004050      

    4.2 Enhancements
    
        4.2.1   The Audit Events section of the System Overview screen
                now recalls its previous state.
                GBOS5000004137
                
        4.2.2   Built-in, uneditable service group objects have been
                updated to include new services and revised
                descriptions.
                GBOS5000004441, GBOS5000004085, GBOS5000004186,
                GBOS5000004184, GBOS5000004316  
                
    4.3 Modifications
    
        4.3.1   Date and time settings can no longer be configured when
                working in Test mode.
                GBOS5000004129
                
        4.3.2   Time zone settings in the Date/Time screen are now
                configured using a pull down menu.
                GBOS5000003910
                
        4.3.3   The default address object 'Email Abuse Lists' now uses
                zen.spamhaus.org and list.dsbl.org.
                GBOS5000004125        
            
    4.4 Bug Fixes
                
        4.4.1   Address objects and service group objects no longer
                disallow entry of user-defined settings if a predefined
                setting has already been selected.
                GBOS5000004452        
    
 
5.  ACCOUNTS

    5.1 New Features
    
        5.1.1   Remote administration sessions can now be timed out
                after 60 minutes of inactivity.
                GBOS5000004236

    5.2 Enhancements
    
        5.2.1   Summaries of configured groups now display index
                numbers for subgroups and no longer display a configured
                VPN object if Mobile VPN settings have been disabled.
                GBOS5000004083, GBOS5000004084, GBOS5000004192,
                GBOS5000004191
                
        5.2.2   GB-OS now uses UTF-8 character encoding.  The ability
                to define a localized character in the Account
                Preferences screen has been removed.
                GBOS5000004410                  

    5.3 Modifications
    
        5.3.1   Configurations settings for GB-OS administrators now
                contain a Description field.
                GBOS5000003828 
             
                
6.  NETWORK

    6.1 Modifications
    
        6.1.1   Configuration settings for network timeouts have moved
                to Configure>Network>Timeouts.
                GBOS5000003387

    6.2 Bug Fixes
    
        6.2.1   GB-OS no longer crashes when network interfaces are
                bridged.
                GBOS5000004412
                
        6.2.2   GB-OS no longer crashes when more than twenty VLAN
                interfaces have been configured.
                GBOS5000004450
                
        6.2.3   The PPPoE Provider field is no longer displayed when
                configuring a serial PPP connection.
                GBOS5000004220
                
        6.2.4   GB-OS now properly routes gateway policy traffic
                through VLAN interfaces.
                GBOS5000004388
                

7.  SECURITY POLICIES

    7.1 New Features
    
        7.1.1   TCP SYN cookies can now be applied to remote access and
                pass through security policies.
                GBOS5000004212
                 
                 
8.  SERVICES

    8.1 New Features
    
        8.1.1   Network time servers can now be defined when creating a
                DHCP address range.
                GBOS5000004325
                
        8.1.2   The DHCP service now allows for the configuration of
                MTU options.
                GBOS5000004312      
                
        8.1.3   The SNMP service now transmits statistics on configured
                VLAN interfaces.
                GBOS5000003869
    
    8.2 Modifications
    
        8.2.1   H2A - High Availability updates of slave systems are
                now performed using Web interface administration port
                (TCP port 443).
                GBOS5000004142, GBOS5000004138
                
    8.3 Bug Fixes 
    
        8.3.1   The DHCP service no longer fails when network, alias,
                or VLAN configuration settings are saved.
                GBOS5000004060
                
        8.3.2   GB-OS no longer crashes when the DHCP service is
                enabled and runt packets are passing through the
                firewall.
                GBOS5000004458
                
        8.3.3   Aliases and security policies configured to use a VLAN
                interface no longer fail when GB-OS switches between 
                H2A – High Availability modes.
                GBOS5000004474, GBOS5000004485        
    
                   
9.  THREAT MANAGEMENT

    9.1 New Features
    
        9.1.1   Added an Intrusion Prevention System.
                GBOS5000004031
                
        9.1.2   Support for greylisting added to Mail Sentinel
                Anti-Spam.
                GBOS50000042011     
                
    9.2 Modifications
    
        9.2.1   Configuration settings for Surf Sentinel policies are
                now similar to other GB-OS configuration areas.
                GBOS5000004227
                
    9.3 Bug Fixes
    
        9.3.1   The Surf Sentinel proxy no longer performs a core dump
                during latency calculations.
                GBOS5000004460


10. VPN

    10.1 New Features
    
        10.1.1  X.509 certificate support added for VPN authentication.
                GBOS5000004032
                
        10.1.2  IKE VPN connections can now remain active using keep
                alive packets.
                GBOS5000002615
                
        10.1.3  Support added for network address translation through
                VPN connections.
                GBOS5000001406
                
        10.1.4  Pings through a VPN to a GTA Firewall UTM Appliance
                are not dropped if GB-OS is operating in stealth mode.
                GBOS5000004340
                
    10.2 Modifications
        
        10.2.1  The GB-250e Firewall UTM Appliance now blocks ping
                packets larger than 1,200 bytes through a VPN bound for
                the firewall.
                GBOS5000004365      
    
    10.3 Bug Fixes
    
        10.3.1  GB-OS now properly preserves VPN identity types during
                the upgrade process.
                GBOS5000004300
                
        10.3.2  IKE VPN connections now properly work over VLAN
                interfaces.
                GBOS5000004493
                
        10.3.3  GB-OS now properly initializes all ports used during VPN
                connections.
                GBOS5000004203      
                       
                
11.  ACTIVITY

    11.1 Modifications
    
        11.1.1  Mail Sentinel Anti-Virus statistics have been
                reorganized to better present displayed data.
                GBOS5000004043   
     
            
12. OPERATING SYSTEM

    12.1 New Features
    
        12.1.1  Icons now display the verification status of a
                configuration screen from within the menu of the Web
                interface. Icon states are verified (green), warning
                (yellow), and error (red).
                GBOS5000003845
                
        12.1.2  The Hints section of the Web interface can now be hidden
                to increase the display area for configuration settings.
                GBOS5000004104      
    
        12.1.3  Support added for SATA hard disk drives.
                GBOS5000002845
                
        12.1.4  Support added for TCP window scaling when TCP SYN
                cookies are in use.
                GBOS5000004063      
    
    12.2 Enhancements
    
        12.2.1  Verification of configuration settings has been improved.
                GBOS5000004390, GBOS5000004419, GBOS5000004323,
                GBOS5000003989, GBOS5000004245, GBOS5000004251,
                GBOS5000003831, GBOS5000004023, GBOS5000003601,
                GBOS5000003964, GBOS5000004386, GBOS5000004120
                
        12.2.2  The GB-OS Web interface now includes new techniques to
                improve display performance.
                GBOS5000004204, GBOS5000004170
                
        12.2.3  The GB-OS Web interface now includes a restyled
                Advanced tab.
                GBOS5000004105
                
        12.2.4  Improved support for the Intel 82571EB chipset.
                GBOS5000004160        
    
    12.3 Modifications
    
        12.3.1  GB-Ware is now a single runtime image. Settings to
                change access to the Console interface and to update the
                master boot record are now made from the Web interface.
                GBOS5000004068
    
        12.3.1  Support for ISA Ethernet adapters has been removed.
                GBOS5000004335
                
        12.3.2  BIND has been upgraded to version 9.4.1.
                GBOS5000004223
                
    12.4 Bug Fixes
    
        12.4.1  The GB-250's network interface card drivers have been
                updated to allow full duplex speeds when configured to
                operate at full duplex.
                GBOS5000004455
                          
               
13. RELEASE NOTES HISTORY

    13.1    Previous Release Notes
            These notes cover the 5.0.0 release of GB-OS. Release notes 
            for previous versions can be found at GTA's web site, 
            http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220

		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.