		Global Technology Associates, Inc.

   Title: GNAT Box Firewall System Release Notes
 Product: GNAT Box System Software Version 3.2.1
    Date: 01 August 2001

These Release Notes include the following sections:

1. System Software
    1.1 Bug Fixes
    1.2 Enhancements and Changes

2. Services
    2.1 Bug Fixes
    2.2 Enhancements and Changes

3. User Interfaces - All Interfaces
    3.1 Bug Fixes
    3.2 Enhancements and Changes

4. GBAdmin User Interface
    4.1 Bug Fixes
    4.2 Enhancements and Changes

5. Console User Interface
    5.1 Bug Fixes
    5.2 Enhancements and Changes

6. Web Browser Interface
    6.1 Bug Fixes
    6.2 Enhancements and Changes

7. Verification 
    7.1 Bug Fixes
    7.2 Enhancements and Changes

8. Syslogger 
    8.1 Bug Fixes
    8.2 Enhancements and Changes

9. Installers 
    9.1 Bug Fixes
    9.2 Enhancements and Changes

----------------------------------------------------------------------

1.  System Software
1.1 Bug Fixes

  1. The StreamWorks protocol is not dead as previously thought.

     Resolution: Add support for the StreamWorks protocol that 
     was removed in version 3.1.2.

  2. When using PPPoE and ADSL, users were unable to PUT large files 
     with FTP or POST large files with HTTP.

     Resolution: If packets too large for an interface's MTU are 
     received and the "don't fragment" bit is set, make sure ICMP 
     "fragmentation needed" messages are generated.

  3. GNAT Box Pro and GNAT Box Light runtime images getting too big
     to fit on a 1.44MB floppy diskette.

     Resolution: Remove unused serial port driver and FDDI driver.

  4. GNAT Box Pro PPP runtime image is getting too big to fit on 
     a 1.44MB floppy diskette.

     Resolution: Remove 'tl', 'tx', and 'vr' drivers.

  5. The GB-100 runtime image is getting too big to fit into flash. 

     Resolution: Remove unused serial port and parallel port drivers.

  6. Some very heavily loaded NetBIOS sites are running out of reserved 
     ports when not using a backup domain controller (BDC).

     Resolution: Make reserved ports close immediately when close time 
     is reached. Map NetBIOS name service (UDP port 137) connections to 
     non-reserved port when performing NAT. Monitor NetBIOS Datagram 
     Service (UDP port 138) and immediately close the connection when the 
     last packet is seen. Change default time-out for datagram service to 
     15 seconds from 30 seconds.

  7. When checking to see if logging for a facility is disabled, a 
     priority of '0' is being used. This value is also the valid 
     priority for 'emergency', so the two meanings conflict.

     Resolution: Make checks for logging being disabled check for a 
     priority of LOG_NOPRI instead of '0'.

  8. The "CONNECT" method is not supported by transparent HTTP proxy.

     Resolution: Add support for missing HTTP methods, "CONNECT",
     "OPTIONS", "PUT", "DELETE" and "TRACE".

  9. Ethernet has a max MTU of 1500 and PPPoE has an overhead of 8 bytes.
     This 8-byte overhead normally requires IP protocols being transferred 
     via PPPoE to have an MTU of 1492.  For unknown reasons, some PPPoE 
     implementations require an MTU other than 1492 to be used.

     Resolution: Use the MTU configured for the PPPoE NIC as the max
     MTU/MRU when negotiating PPPoE. For most users the PPPoE MTU value
     should be 1492.
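
The forwarding decision behind fixes 2 and 9 above, as an added example that is not GTA's code: an IPv4 packet larger than the egress MTU is fragmented only when DF is clear, and otherwise is answered with ICMP type 3, code 4 carrying the next-hop MTU (RFC 1191). The names egress_decision and sample, and the constructed header bytes, are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ETHERNET_MTU   1500
#define PPPOE_OVERHEAD 8      /* 6-byte PPPoE header + 2-byte PPP protocol ID */
#define PPPOE_MTU      (ETHERNET_MTU - PPPOE_OVERHEAD)           /* 1492 */
#define IP_DF          0x4000 /* "don't fragment" bit, flags/offset field */

enum verdict { FORWARD, FRAGMENT, DROP_SEND_ICMP, DROP_MALFORMED };
struct decision {
    enum verdict verdict;
    uint8_t  icmp_type, icmp_code;  /* 3/4: unreachable, fragmentation needed */
    uint16_t next_hop_mtu;          /* RFC 1191: MTU reported to the sender */
};

/* Decide what to do with an IPv4 packet leaving an interface with this MTU. */
struct decision egress_decision(const uint8_t *pkt, size_t len, uint16_t mtu)
{
    struct decision d = { DROP_MALFORMED, 0, 0, 0 };
    if (len < 20 || (pkt[0] >> 4) != 4)
        return d;
    uint16_t total = (uint16_t)((pkt[2] << 8) | pkt[3]);  /* IP total length */
    uint16_t flags = (uint16_t)((pkt[6] << 8) | pkt[7]);  /* flags + offset */
    if (total < 20 || total > len)
        return d;
    if (total <= mtu) {
        d.verdict = FORWARD;
    } else if (!(flags & IP_DF)) {
        d.verdict = FRAGMENT;
    } else {
        /* Without this ICMP the sender never learns the smaller MTU. */
        d.verdict = DROP_SEND_ICMP;
        d.icmp_type = 3;
        d.icmp_code = 4;
        d.next_hop_mtu = mtu;
    }
    return d;
}

/* Constructed sample: bare IPv4 header with a given total length and DF bit. */
struct decision sample(uint16_t total, int df, uint16_t mtu)
{
    static uint8_t pkt[ETHERNET_MTU];   /* zero-filled; same bytes set each call */
    pkt[0] = 0x45;                      /* version 4, header length 5 words */
    pkt[2] = (uint8_t)(total >> 8);
    pkt[3] = (uint8_t)(total & 0xff);
    pkt[6] = df ? 0x40 : 0x00;          /* high byte of IP_DF */
    return egress_decision(pkt, sizeof pkt, mtu);
}
```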

1.2 Enhancements and Changes
  1. Remove unused mouse driver from all products that include
     video support. 

  2. Add 'nge' gigabit driver to GB-1000 and GB-Flash products. The nge 
     driver supports NICs based upon the National Semiconductor DP83820 and 
     DP83821 chipsets.

  3. Replace 'vx' driver with 'nge' gigabit driver in GNAT Box Pro.

  4. Change IP address spoof checker to check for spoofs originating from 
     protected networks.

  5. Add syslog priorities to filters. The priority will be used to 
     determine the log level.

  6. Limit ICMP packets directed at the firewall to 100 per second to
     increase robustness in the prevention of DoS attacks.  Also added
     a log message recording the event.

  7. Limit ICMP packets for all inbound tunnels to 100 per second to 
     increase robustness in the prevention of DoS attacks.  Also added
     a log message recording the event.
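
A fixed one-second window is one way to enforce the 100-per-second ICMP limit from items 6 and 7 while logging the event once per window rather than once per dropped packet. This is an added example, not GTA's implementation; the struct, the function names, the millisecond clock and the message text are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define ICMP_LIMIT_PER_SEC 100   /* limit stated in the release notes */

struct icmp_limiter {
    uint64_t window;      /* which second the counters belong to  */
    uint32_t accepted;    /* ICMP packets accepted in this window */
    uint32_t dropped;     /* ICMP packets dropped in this window  */
    uint32_t log_lines;   /* log messages emitted since start     */
};

/* Returns 1 to accept the packet, 0 to drop it. now_ms: monotonic clock. */
int icmp_allow(struct icmp_limiter *l, uint64_t now_ms)
{
    uint64_t w = now_ms / 1000;
    if (w != l->window) {             /* new second: reset the counters */
        l->window = w;
        l->accepted = 0;
        l->dropped = 0;
    }
    if (l->accepted < ICMP_LIMIT_PER_SEC) {
        l->accepted++;
        return 1;
    }
    if (l->dropped++ == 0) {          /* log only the first drop per window */
        l->log_lines++;
        fprintf(stderr, "ICMP limit of %d/s exceeded, dropping\n",
                ICMP_LIMIT_PER_SEC);
    }
    return 0;
}

/* Constructed traffic: n packets spread evenly over the second starting at
 * start_ms; returns how many were accepted. */
uint32_t feed_burst(struct icmp_limiter *l, uint64_t start_ms, uint32_t n)
{
    uint32_t ok = 0;
    for (uint32_t i = 0; i < n; i++)
        ok += (uint32_t)icmp_allow(l, start_ms + (uint64_t)i * 1000 / n);
    return ok;
}
```

A fixed window admits up to twice the limit across a window boundary; a token bucket removes that burst at the cost of a little more state.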


2. Services
2.1 Bug Fixes

  1. Key renegotiation with VPN client sometimes failing.

     Resolution: Correctly calculate key renegotiation time.

  2. Initial connection from VPN client fails on first attempt but works 
     on second.

     Resolution: For mobile connections create the security policy and 
     continue with processing instead of expecting subsequent connections 
     to finish the processing.

  3. Generating page for alarm threshold requires email to be enabled.

     Resolution: Check for alarm threshold even if email disabled.

2.2 Enhancements and Changes
  1. Add priority and filter number to email alarm report.

  2. As of 31 July 2001 the Mail Abuse Prevention System (MAPS) service
     is no longer a free service.  If you wish to use the MAPS system
     you'll need to purchase a subscription agreement with Mail Abuse
     Prevention System, LLC. More information can be found on their
     web site: http://mail-abuse.org. 

  3. WebSense has discontinued the WebSense 3.x Open Server software.
     Existing 3.x subscription agreements will be honored by WebSense, 
     however no support for WebSense 4.x products will be included in
     future GTA firewall products. 

3. User Interfaces - All Interfaces
3.1 Bug Fixes 

  1. Flash and GB-PRO not displaying feature description if no dongle 
     and feature requires a dongle.

     Resolution: Build description for features requiring dongle even 
     if dongle not present.

  2. Remote logging dialogs setting priority to '0' when none selected.

     Resolution: If none selected set priority to LOG_NOPRI.
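
Item 7 of section 1.1 and item 2 here describe the same defect: 0 served as the "disabled" marker although 0 is also the syslog priority for emergency. The added example below (not GTA's code) models the dialog and the check before and after the fix; dialog_priority, remote_pri, forwarded_count, the LOG_LOCAL0 facility and the numeric value given to LOG_NOPRI are assumptions, since the notes only name the constant.

```c
#include <syslog.h>   /* LOG_EMERG is 0, LOG_DEBUG is 7, LOG_LOCAL0 is 16<<3 */

#ifndef LOG_NOPRI
#define LOG_NOPRI 0x10   /* assumed value: anything outside the 0..7 range */
#endif

/* What the remote-logging dialog stores; selected < 0 means "none selected". */
int dialog_priority(int selected, int fixed)
{
    if (selected < 0)
        return fixed ? LOG_NOPRI : 0;   /* before the fix: 0, i.e. LOG_EMERG */
    return selected;
}

/* PRI value sent to the remote syslog host, or -1 when nothing is sent. */
int remote_pri(int facility, int configured, int fixed)
{
    int disabled = fixed ? (configured == LOG_NOPRI)  /* out-of-band sentinel */
                         : (configured == 0);         /* collides with LOG_EMERG */
    if (disabled)
        return -1;
    if (configured < LOG_EMERG || configured > LOG_DEBUG)
        return -1;                                    /* not a real priority */
    return facility | configured;
}

/* Constructed selections for three facilities: emergency, notice, none. */
static const int selections[] = { LOG_EMERG, LOG_NOTICE, -1 };

/* How many of the three facilities still reach the remote log host. */
int forwarded_count(int fixed)
{
    int n = 0;
    for (unsigned i = 0; i < sizeof selections / sizeof selections[0]; i++)
        n += remote_pri(LOG_LOCAL0,
                        dialog_priority(selections[i], fixed), fixed) >= 0;
    return n;
}
```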

3.2 Enhancements and Changes
  1. Add table showing mobile VPN lease expiration time to active 
     VPN connections.

  2. Add ability to specify log level to filters.

  3. Add ability to configure filter priority. Move "Log" to action 
     to make room.

4. GBAdmin User Interface
4.1 Bug Fixes 

  1.  When editing a VPN configuration you are required to enter the 
      IP addresses before continuing.

      Resolution: You are no longer required to enter the IP addresses.

  2.  Cut and paste broken for Inbound Tunnel.

      Resolution: Function parameter for a virtual function changed and it 
      did not get updated in the Inbound Tunnel grid code. Made sure all 
      functions that reference a row or column use the proper data type.

  3.  Feature codes require you to reload the screen before you can see the 
      description when online.

      Resolution: When the feature code screen is saved it will now be 
      reloaded automatically if online.

  4.  The tab order of the VPN screen is not correct for mobile option.

      Resolution: Updated the tab order in the resource file.

  5.  Using the WWW interface you can disable the time based filter option 
      for a filter. You cannot with GBAdmin.

      Resolution: Added a push button control to allow the user to 
      disable the time based option for a filter.

  6.  The layout of the "Remote Logging" dialog is a bit confusing.

      Resolution: Re-laid out the Remote Logging screen. All of the same 
      fields are there, but they are labeled consistently with the WWW 
      interface.

  7.  On the remote logging screen the priority option text is not 
      consistent with the WWW interface.

      Resolution: Made the priority text consistent with the WWW interface.

  8.  In the Filter Logging Preferences dialog the "All" for the protocol 
      did not match the rest of GBadmin.

      Resolution: Changed "All" to be "" to match rest of GBadmin.

  9.  On the DNS server dialog, when you press the insert key for the 
      secondary server, there is no indication that a new entry has been 
      added.
 
      Resolution: When you press the insert key the new entry will be 
      highlighted and have the input focus.

  10. On the DNS server screen, you can add more secondary DNS servers 
      than are allowed.

      Resolution: Disabled the addition of more than three secondary servers.

  11. On the DNS server screen, when a new mail exchanger is added there 
      is no indication that the new item has been added.

      Resolution: When you insert a new item the new entry will be 
      highlighted and have the input focus.

  12. If you were online to a GNAT Box and opened a new file, the 
      connection to the old GNAT Box was not dropped.

      Resolution: When you open a new file or connection the old connection 
      will be dropped first.

  13. When editing the High Availability screen a message (CMD=205) was 
      being sent to the GNAT Box to determine the High Availability state. 
      This message only needs to be sent if High Availability is enabled.

      Resolution: Will now only query for the High Availability status if 
      HA is enabled and the product is GB-1000.

  14. For Filter/Preferences/General screen the actions for Doorknob twist 
      are not displayed properly.

      Resolution: The value was being saved properly in the data structure. 
      However it was not being loaded from the correct location.

  15. The facilities for Remote logging do not match what is being used 
      for the web interface.

      Resolution: We now use the same table for the web and GBAdmin.

4.2 Enhancements and Changes

  1.  For a mobile VPN the default mask will be "255.255.255.255". If you 
      have changed this value, it will retain your setting.

  2.  Added cut & paste for the VPNs. This was done using the Windows 
      clipboard, which will allow the user to cut & paste between two 
      GBAdmin applications.

  3.  Added cut & paste for the Address Objects. This was done using the 
      Windows clipboard, which will allow the user to cut & paste between 
      two GBAdmin applications. You can copy the whole list of address 
      objects, or any individual address object, but at the current time 
      you cannot copy an address range.

  4.  Modified cut & paste for the filters. This was done using the 
      Windows clipboard, which will allow the user to cut & paste between 
      two GBAdmin applications. You can copy as many filter items as you 
      like by highlighting them and hitting .

5. Console User Interface
5.1 Bug Fixes
    None

5.2 Enhancements and Changes
    None

6. Web Browser Interface
6.1 Bug Fixes
  1.  If a browser connecting to the WWW port closes the connection before 
      the GNAT Box has a chance to accept it, the WWW Admin service shuts 
      down.

      Resolution: If accept fails, don't shut down.

  2.  The use of ALL and ANY is inconsistent between WWW and GBAdmin.
      Resolution: Change WWW interface to use  and .

6.2 Enhancements and Changes
None

7. Verification 
7.1 Bug Fixes
  1.  DNS verification for existence of mail exchanger only checks 
      current domain.
      Resolution: Look in all configured domains for existence of host 
      configured as mail exchanger.

7.2 Enhancements and Changes
  1.  Have VPN verification generate a warning if multiple VPNs use the 
      same identity.
  2.  Have VPN verification generate a warning if multiple VPNs reference 
      the same remote network.

8. Syslogger 
8.1 Bug Fixes
    None
8.2 Enhancements and Changes
    None

9. Installers 
9.1 Bug Fixes
    1. USB floppy drives using SMSC controller chip don't work with GB-1000 
       installer/restore.

       Resolution: USB floppy drives using SMSC controller chip don't 
       support 6-byte commands; pad all commands to 10 bytes.

9.2 Enhancements and Changes
    None		


