Global Technology Associates, Inc.
Title: GNAT Box Firewall System Release Notes
Product: GNAT Box System Software Version 3.2.1
Date: 01 August 2001
These Release Notes include the following sections:
1. System Software
1.1 Bug Fixes
1.2 Enhancements and Changes
2. Services
2.1 Bug Fixes
2.2 Enhancements and Changes
3. User Interfaces - All Interfaces
3.1 Bug Fixes
3.2 Enhancements and Changes
4. GBAdmin User Interface
4.1 Bug Fixes
4.2 Enhancements and Changes
5. Console User Interface
5.1 Bug Fixes
5.2 Enhancements and Changes
6. Web Browser Interface
6.1 Bug Fixes
6.2 Enhancements and Changes
7. Verification
7.1 Bug Fixes
7.2 Enhancements and Changes
8. Syslogger
8.1 Bug Fixes
8.2 Enhancements and Changes
9. Installers
9.1 Bug Fixes
9.2 Enhancements and Changes
----------------------------------------------------------------------
1. System Software
1.1 Bug Fixes
1. The StreamWorks protocol is not dead as previously thought.
Resolution: Add support for the StreamWorks protocol that
was removed in version 3.1.2.
2. When using PPPoE and ADSL, users were unable to PUT large files
with FTP or POST large files with HTTP.
Resolution: If packets are received that are too large for an
interface's MTU and the "don't fragment" bit is set, make sure ICMP
"need fragment packet" type messages are generated.
3. GNAT Box Pro and GNAT Box Light runtime images are getting too big
to fit on a 1.44MB floppy diskette.
Resolution: Remove unused serial port driver and FDDI driver.
4. GNAT Box Pro PPP runtime image is getting too big to fit on
a 1.44MB floppy diskette.
Resolution: Remove 'tl', 'tx', and 'vr' drivers.
5. The GB-100 runtime image is getting too big to fit into flash.
Resolution: Remove unused serial port and parallel port drivers.
6. Some very heavily loaded NetBIOS sites are running out of reserved
ports when not using a backup domain controller (BDC).
Resolution: Make reserved ports close immediately when close time
is reached. Map NetBIOS name service (UDP port 137) connections to
non-reserved port when performing NAT. Monitor NetBIOS Datagram
Service (UDP port 138) and immediately close the connection when the
last packet is seen. Change default time-out for datagram service to
15 seconds from 30 seconds.
7. When checking to see if logging for a facility is disabled, a
priority of '0' is being used. This value is the valid priority
for 'emergency', so the two meanings conflict.
Resolution: Make checks for logging being disabled check for a
priority of LOG_NOPRI instead of '0'.
8. The "CONNECT" method is not supported by the transparent HTTP proxy.
Resolution: Add support for missing HTTP methods, "CONNECT",
"OPTIONS", "PUT", "DELETE" and "TRACE".
9. Ethernet has a max MTU of 1500 and PPPoE has an overhead of 8 bytes.
This 8 byte overhead normally requires IP protocols being transferred
via PPPoE to have an MTU of 1492. For unknown reasons some PPPoE
implementations require an MTU other than 1492 to be used.
Resolution: Use the MTU configured for the PPPoE NIC as the max
MTU/MRU when negotiating PPPoE. For most users the PPPoE MTU value
should be 1492.
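The forwarding decision behind fixes 2 and 9, as an added example (not GTA's code; all function and type names are hypothetical): a packet larger than the outgoing interface MTU with "don't fragment" set must be answered with ICMP type 3, code 4 carrying the next-hop MTU (RFC 1191), otherwise the sender's path MTU discovery stalls and large transfers hang.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP_DF            0x4000 /* "don't fragment" bit in the IPv4 flags/offset field */
#define ICMP_UNREACH     3      /* ICMP type: destination unreachable */
#define ICMP_FRAG_NEEDED 4      /* ICMP code: fragmentation needed and DF set */
enum verdict { FORWARD, FRAGMENT, SEND_FRAG_NEEDED };

/* What to do with an IPv4 packet about to leave an interface with MTU if_mtu. */
enum verdict mtu_verdict(uint16_t total_len, uint16_t flags_off, uint16_t if_mtu)
{
    if (total_len <= if_mtu)
        return FORWARD;
    return (flags_off & IP_DF) ? SEND_FRAG_NEEDED : FRAGMENT;
}

/* RFC 1071 Internet checksum; yields 0 over a message with a valid checksum. */
uint16_t inet_cksum(const uint8_t *p, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += (i & 1) ? (uint32_t)p[i] : ((uint32_t)p[i] << 8);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build the ICMP message: 8-byte header with the next-hop MTU in bytes 6-7, then
 * the offending IP header plus 8 payload bytes. Returns its length, 0 on error. */
size_t build_frag_needed(const uint8_t *orig, size_t orig_len,
                         uint16_t next_hop_mtu, uint8_t *out, size_t cap)
{
    size_t ihl = orig_len ? (size_t)(orig[0] & 0x0f) * 4 : 0;
    if (ihl < 20 || orig_len < ihl + 8 || cap < ihl + 16)
        return 0;                      /* malformed header or buffer too small */
    uint8_t hdr[8] = { ICMP_UNREACH, ICMP_FRAG_NEEDED, 0, 0, 0, 0,
                       (uint8_t)(next_hop_mtu >> 8), (uint8_t)(next_hop_mtu & 0xff) };
    memcpy(out, hdr, 8);
    memcpy(out + 8, orig, ihl + 8);    /* quote the packet that did not fit */
    uint16_t ck = inet_cksum(out, ihl + 16);
    out[2] = (uint8_t)(ck >> 8);
    out[3] = (uint8_t)(ck & 0xff);
    return ihl + 16;
}
```

For a 1500-byte packet with DF set leaving a PPPoE interface configured for 1492, `mtu_verdict` returns `SEND_FRAG_NEEDED` and the reply advertises 1492 as the next-hop MTU.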
1.2 Enhancements and Changes
1. Remove unused mouse driver from all products that include
video support.
2. Add 'nge' gigabit driver to GB-1000 and GB-Flash products. The nge
driver supports NICs based upon the National Semiconductor DP83820 and
DP83821 chipsets.
3. Replace 'vx' driver with 'nge' gigabit driver in GNAT Box Pro.
4. Change IP address spoof checker to check for spoofs originating from
protected networks.
5. Add syslog priorities to filters. The priority will be used to
determine the log level.
6. Limit ICMP packets directed at the firewall to 100 per second to
increase robustness in the prevention of DoS attacks. Also added
a log message recording the event.
7. Limit ICMP packets for all inbound tunnels to 100 per second to
increase robustness in the prevention of DoS attacks. Also added
a log message recording the event.
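One way to implement the 100-per-second ICMP limit with its log message, as an added example (not GTA's code). The fixed one-second window, the struct and the function names are assumptions; the log line is emitted once per second rather than once per dropped packet so that a flood cannot also fill the log.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ICMP_LIMIT_PER_SEC 100    /* limit stated in the release notes */

struct icmp_limiter {
    uint64_t window;      /* the second currently being counted */
    uint32_t seen;        /* ICMP packets seen in that second */
    uint32_t dropped;     /* packets dropped in that second */
    uint32_t log_events;  /* "limit exceeded" messages emitted so far */
};

/* Returns true if the packet may pass. now_sec is a monotonic clock in seconds. */
bool icmp_allow(struct icmp_limiter *l, uint64_t now_sec)
{
    if (now_sec != l->window) {   /* new second: reset the per-window counters */
        l->window = now_sec;
        l->seen = 0;
        l->dropped = 0;
    }
    if (++l->seen <= ICMP_LIMIT_PER_SEC)
        return true;
    if (l->dropped++ == 0) {      /* first drop in this second: record the event */
        l->log_events++;
        fprintf(stderr, "ICMP limit of %d/s exceeded, dropping\n",
                ICMP_LIMIT_PER_SEC);
    }
    return false;
}

/* Feed n packets arriving at time t; returns how many were allowed through. */
uint32_t icmp_burst(struct icmp_limiter *l, uint64_t t, uint32_t n)
{
    uint32_t passed = 0;
    while (n--)
        passed += icmp_allow(l, t);
    return passed;
}
```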
2. Services
2.1 Bug Fixes
1. Key renegotiation with VPN client sometimes failing.
Resolution: Correctly calculate key renegotiation time.
2. Initial connection from VPN client fails on first attempt but works
on second.
Resolution: For mobile connections create the security policy and
continue with processing instead of expecting subsequent connections
to finish the processing.
3. Generating page for alarm threshold requires email to be enabled.
Resolution: Check for alarm threshold even if email disabled.
2.2 Enhancements and Changes
1. Add priority and filter number to email alarm report.
2. As of 31 July 2001 the Mail Abuse Prevention System (MAPS) service
is no longer a free service. If you wish to use the MAPS system
you'll need to purchase a subscription agreement with Mail Abuse
Prevention System, LLC. More information can be found on their
web site: http://mail-abuse.org.
3. WebSense has discontinued the WebSense 3.x Open Server software.
Existing 3.x subscription agreements will be honored by WebSense,
however no support for WebSense 4.x products will be included in
future GTA firewall products.
3. User Interfaces - All Interfaces
3.1 Bug Fixes
1. Flash and GB-PRO not displaying feature description if no dongle
and feature requires a dongle.
Resolution: Build description for features requiring dongle even
if dongle not present.
2. Remote logging dialogs setting priority to '0' when none selected.
Resolution: If none selected set priority to LOG_NOPRI.
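The sentinel collision fixed here and in System Software bug 7, as an added example (not GTA's code). The struct, the function names and the threshold semantics are assumptions, and `EX_LOG_NOPRI` stands in for the LOG_NOPRI the notes name: with 0 as the "disabled" marker, a facility set to log only 'emergency' messages is silently turned off.

```c
#include <stdbool.h>
#include <syslog.h>

/* Stand-in for LOG_NOPRI; the value 0x10 is an assumption, chosen to lie
 * outside the valid priority range LOG_EMERG (0) .. LOG_DEBUG (7). */
#define EX_LOG_NOPRI 0x10

struct facility_cfg {
    const char *name;
    int min_pri;   /* log messages at this priority or more severe */
};

/* Pre-fix check: 0 doubles as "logging disabled" and as LOG_EMERG. */
bool logs_before_fix(const struct facility_cfg *f, int msg_pri)
{
    if (f->min_pri == 0)
        return false;
    return msg_pri <= f->min_pri;   /* lower number means more severe */
}

/* Post-fix check: only the out-of-band sentinel disables the facility. */
bool logs_after_fix(const struct facility_cfg *f, int msg_pri)
{
    if (f->min_pri == EX_LOG_NOPRI)
        return false;
    return msg_pri <= f->min_pri;
}

/* Dialog side of the fix: "none selected" (any out-of-range value) is stored
 * as the sentinel, never as 0. */
int priority_from_dialog(int selection)
{
    if (selection < LOG_EMERG || selection > LOG_DEBUG)
        return EX_LOG_NOPRI;
    return selection;
}
```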
3.2 Enhancements and Changes
1. Add table showing mobile VPN lease expiration time to active
VPN connections.
2. Add ability to specify log level to filters.
3. Add ability to configure filter priority. Move "Log" to action
to make room.
4. GBAdmin User Interface
4.1 Bug Fixes
1. When editing a VPN configuration you are required to enter the
IP addresses before continuing.
Resolution: You are no longer required to enter the IP addresses.
2. Cut and paste broken for Inbound Tunnel.
Resolution: Function parameter for a virtual function changed and it
did not get updated in the Inbound Tunnel grid code. Made sure all
functions that reference a row or column use the proper data type.
3. Feature codes require you to reload the screen before you can see the
description when online.
Resolution: When the feature code screen is saved it will now be
reloaded automatically if online.
4. The tab order of the VPN screen is not correct for mobile option.
Resolution: Updated the tab order in the resource file.
5. Using the WWW interface you can disable the time based filter option
for a filter. You cannot with GBAdmin.
Resolution: Added a push button control to allow the user to
disable the time based option for a filter.
6. The layout of the "Remote Logging" dialog is a bit confusing.
Resolution: Re-laid out the Remote Logging screen. All of the same
fields are there, but they are labeled consistently with the WWW interface.
7. On the remote logging screen the priority option text is not
consistent with the WWW interface.
Resolution: Made the priority text consistent with the WWW interface.
8. In the Filter Logging Preferences dialog the "All" for the protocol
did not match the rest of GBAdmin.
Resolution: Changed "All" to be "" to match rest of GBAdmin.
9. On the DNS server dialog, when you press the insert key for the
secondary server, there is no indication that a new entry has been
added.
Resolution: When you press the insert key the new entry will be
highlighted and have the input focus.
10. On the DNS server screen, you can add more secondary DNS servers
than are allowed.
Resolution: Disabled the addition of more than three secondary servers.
11. On the DNS server screen, when a new mail exchanger is added there
is no indication that the new item has been added.
Resolution: When you insert a new item the new entry will be
highlighted and have the input focus.
12. If you were online to a GNAT Box and opened a new file, the
connection to the old GNAT Box was not dropped.
Resolution: When you open a new file or connection the old connection
will be dropped first.
13. When editing the High Availability screen a message (CMD=205) was
being sent to the GNAT Box to determine the High Availability state.
This message only needs to be sent if High Availability is enabled.
Resolution: Will now only query for the High Availability status if
HA is enabled and the product is GB-1000.
14. For Filter/Preferences/General screen the actions for Doorknob twist
are not displayed properly.
Resolution: The value was being saved properly in the data structure.
However it was not being loaded from the correct location.
15. The facilities for Remote logging do not match what is being used
for the web interface.
Resolution: We now use the same table for the web and GBAdmin.
4.2 Enhancements and Changes
1. For a mobile VPN the default mask will be "255.255.255.255". If you
have changed this value, it will retain your setting.
2. Added cut & paste for the VPNs. This was done using the Windows
clipboard which will allow the user to cut & paste between two
GBAdmin applications.
3. Added cut & paste for the Address Objects. This was done using the
Windows clipboard which will allow the user to cut & paste between
two GBAdmin applications. You can copy the whole list of address
objects, or any individual address object. But, at the current time
you cannot copy an address range.
4. Modified cut & paste for the filters. This was done using the
Windows clipboard which will allow the user to cut & paste between
two GBAdmin applications. You can copy as many filter items as you
like by highlighting them and hitting .
5. Console User Interface
5.1 Bug Fixes
None
5.2 Enhancements and Changes
None
6. Web Browser Interface
6.1 Bug Fixes
1. If a browser connecting to the WWW port closes the connection before
the GNAT Box has a chance to accept it, the WWW Admin service shuts down.
Resolution: If accept fails, don't shut down.
2. The use of ALL and ANY is inconsistent between WWW and GBAdmin.
Resolution: Change WWW interface to use and .
6.2 Enhancements and Changes
None
7. Verification
7.1 Bug Fixes
1. DNS verification for existence of mail exchanger only checks
current domain.
Resolution: Look in all configured domains for existence of host
configured as mail exchanger.
7.2 Enhancements and Changes
1. Have VPN verification generate a warning if multiple VPNs use the
same identity.
2. Have VPN verification generate a warning if multiple VPNs reference
the same remote network.
8. Syslogger
8.1 Bug Fixes
None
8.2 Enhancements and Changes
None
9. Installers
9.1 Bug Fixes
1. USB floppy drives using SMSC controller chip don't work with GB-1000
installer/restore.
Resolution: USB floppy drives using SMSC controller chip don't support
6 byte commands, pad all commands to 10 bytes.
9.2 Enhancements and Changes
None
Copyright © 2013 Global Technology Associates, Inc. All rights reserved.
'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.