Unified Threat Management - Support | GTA, Inc.

		

                         GB-OS FIREWALL SOFTWARE
                            VERSION 5.0.1
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 5.0.1
Date:       5 July 2007

-------------------------------------------------------------------------
GB-OS version 5.0.1 includes updated versions of the following GTA
products and utilities:

    GB-OS                       5.0.1

Release notes are located on the installation CD and on GTA's web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  WIZARDS

3.  CONFIGURATION

4.  SYSTEM

5.  NETWORK

6.  SECURITY POLICIES

7.  THREAT MANAGEMENT

8.  VPN

9.  ACTIVITY

10. OPERATING SYSTEM

11. RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Corrupt Names and Descriptions
      
       GB-OS 5.0 uses the UTF-8 character set, wherein the past previous
       versions of GB-OS allowed administrators to select the character
       set according to their locale. Before upgrading to GB-OS 5.0, it is
       necessary to match your web browser's character set with the
       character set used by GB-OS.  In GB-OS 3.x, the default character
       set is selected at Basic Configuration>Preferences.  In GB-OS
       4.0, the default character set is selected at
       Configuration>Accounts>Preferences.

    1.2 Entering New Activation Codes
    
        If upgrading from 4.0.4 or below, new activation codes must be
        entered. GB-OS version 5.0.1 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement. Other users should contact their local GTA channel
        partner or email sales@gta.com for information and pricing of
        upgrade options.
        
    1.3 Upgrading From GB-OS 3.4.0 Through GB-0S 4.0.2
    
        If upgrading from GB-OS 3.4 through GB-OS 4.0.2, it is necessary
        to first upgrade to an interim version of GB-OS before
        installing GB-OS 5.0.  For upgrade instructions, refer to
        Reference D in the GB-OS User's Guide.

    1.4 Upgrading Hard Drive GB-Ware Installations from 3.4.x to 5.0.1

        When upgrading a hard drive GB-Ware firewall from version 3.4.x 
        to 5.0.1:

            1.  Back up the firewall configuration.
            2.  Reinstall the firewall software completely from the CD.
            3.  Restore the configuration.

        The GB-Ware CD image (ISO-9660) is available for download from 
        GTA's Online Support Center 
        (https://www.gta.com/support/center/login/). Failure to reinstall
        from CD may cause hard drive geometry errors that prevent the 
        upgrade.
        
    1.5 Upgrade Notes   
        
      1.5.1 Error Messages Upon Initial Reboot
    
            Upon rebooting after successful installation, the GTA
            Firewall UTM Appliance may display errors when accessed
            using the Web interface.  This is expected, these errors are
            generated because the browser's cache is trying to access
            files and locations that no longer apply. Click OK to any
            displayed errors and refresh the browser window to access
            GB-OS 5.0. If the error messages persist, clear your
            browser's cache.

      1.5.2 Default Login and Password Changes
        
            Firewall administrators who have never changed their default
            login and password in the Admin Accounts section of GB-OS
            3.x will find that their default account's login information
            will no longer work with GB-OS 5.0.  After the firewall
            administrator has upgraded to GB-OS 5.0, their login and
            password will both default to "fwadmin".
            
      1.5.3 GB-250 Upgrade Notice
      
            GB-250 Firewall UTM Appliances may reboot multiple times,
            and may install GB-OS 5.0 on both memory slices during the
            upgrade process.  It is important that administrators DO NOT
            shut down their firewall when upgrading to GB-OS 5.0.  If
            GB-OS 5.0 is installed on both memory slices, it will not be
            possible to revert back to the previously installed version
            of GB-OS.
            
      1.5.4 GB Commander 1.1 No Longer Supported
      
            GTA Firewall UTM Appliances operating GB-OS 5.0 do not
            support GB Commander 1.1. As such, GB Commander 1.1
            administrators will no longer be able to monitor firewalls
            that have been upgraded to GB-OS 5.0.
            
            Administrators of GTA firewalls monitored by GB Commander
            1.1 may either upgrade their firewalls to GB-OS 5.0 and lose
            GB Commander support or they may wait until GB Commander 2.0
            has been released before they upgrade their firewalls to
            GB-OS 5.0.
                      
      1.5.5 VPN Object Names
    
            Previously defined VPN objects will have the GB-OS version
            number appended to their name after the GTA firewall has
            been upgraded to version 5.0.  For example, a VPN object
            with a name of IKE in GB-OS 3.7.0 will be named IKE_370
            after the upgrade.
          
      1.5.6 Service Group Object Modifications
          
            The built-in DNS Zone service group object has been merged
            with the DNS Lookups service group object.  Therefore,
            configurations that reference the now defunct DNS Zone
            service group object will need to be updated to reference
            the DNS Lookups service group object.    
        
    1.6 Platform Independent Web Interface
    
        GB-OS 5.0 includes a platform independent web interface which
        provides an improved workflow, user-friendly design with
        enhanced features such as offline configuration and verification
        using GB-OS 5.0's Test Mode. GBAdmin is not supported in
        GB-OS 4.0 and above.

    1.7 SSL Certificate Replacement

        GB-OS version 5.0 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  WIZARDS
    
    2.1 Modifications
    
        2.1.1   The VPN Setup Wizard now properly applies user defined
                settings.
                GBOS5010004545 


3.  CONFIGURATION

   3.1 Enhancements
    
        3.1.1   Exported configurations now reference an XML schema,
                available online.
                GBOS5010004567, GBOS5010004456


4.  SYSTEM

    4.1 Modifications
    
        4.1.1   VPN object names that are automatically appended with
                the GB-OS version number during the upgrade process are
                now truncated to prevent the object name from exceeding
                the maximum allowed length.
                GBOS5010004559
                
        4.1.2   Four new built-in address objects (FW ALL Interfaces,
                FW EXT Interfaces, FW PRO Interfaces, FW PSN Interfaces)
                have been added to reference defined interfaces
                throughout the configuration.
                GBOS5010004571
                
        4.1.3   The Available Updates pop-up in the Runtime Updates
                screen now differentiates between new, available feature
                activation codes and new, available versions of GB-OS.
                GBOS5010004547
                
                
5.  NETWORK

    5.1 Bug Fixes
    
        5.1.1   Aliases no longer fail to match PPPoE interfaces.
                GBOS5010004581
                
        5.1.2   Load times of web pages through an HTTP inbound tunnel
                with SYN cookies enabled have been improved.
                GBOS5010004542
                
        5.1.3   Bridged packets are now correctly reassembled.
                GBOS5010004587
                
        5.1.4   Gateway Failover no longer fails to ping beacons that
                are more than one hop away from the firewall.
                GBOS5010004596        
                

6.  SECURITY POLICIES

    6.1 Modifications
    
        6.1.1   Inbound traffic arriving at the firewall through a VPN,
                which is destined for a service on the firewall, is now
                controlled only by VPN policies instead of by both
                remote access policies and VPN policies.
                GBOS5010004570, GBOS5010004523, GBOS5010004520

    6.2 Bug Fixes
    
        6.2.1   Enabling the SNMP Trap or Stop Interface action in a
                security policy no longer enables both actions.
                GBOS5010004539
                
        6.2.2   GB-OS now properly generates default remote access
                policies for inbound tunnels that use port redirection.
                GBOS5010004531
                
        6.2.3   VPN policies no longer fail to match ports.
                GBOS5010004566
                
        6.2.4   Pass through policies no longer fail to match ports in
                bridged broadcast packets.
                GBOS5010004585        
                 
                   
7.  THREAT MANAGEMENT

    7.1 Modifications
    
        7.1.1   IPS policies have been updated and improved.
                GBOS5010004575
                
        7.1.2   Updates to IPS Setup Wizard settings and IPS group
                definitions are now logged.
                GBOS5010004577
                
        7.1.3   Unnecessary messages generated by the IPS proxy
                pertaining to HTTP traffic are no longer logged.
                GBOS5010004588        

    7.2 Bug Fixes
    
        7.2.1   Mail Sentinel policies now properly display user
                defined quarantine settings for Mail Sentinel Anti-Virus
                and Mail Sentinel Anti-Spam when the quarantine field's
                enable checkbox has been enabled, then disabled, and
                then enabled again.
                GBOS5010004540
                
        7.2.2   GB-OS now updates FTP data channels to use the same MAC
                address as command channels when in bridging mode.
                GBOS5010004435        


8. VPN

    8.1 Bug Fixes
    
        8.1.1   GB-OS no longer crashes IKE VPNs when the VPN uses an
                encryption object with the Key Group field set to 'any'
                and the firewall has been upgraded from GB-OS 4.0.4.
                GBOS5010004546
                
        8.1.2   GB-OS service response packets to a local subnet of a
                remote VPN supernet are no longer sent over the VPN.
                GBOS5010004599        
                       
                
9.  ACTIVITY

    9.1 Modifications
    
        9.1.1   Traffic shaping settings are now correctly displayed in
                the Summary screen.
                GBOS5010004576
     
            
10. OPERATING SYSTEM
    
    10.1 Enhancements
    
        10.1.1  Verification of configuration settings has been
                improved.
                GBOS5010004537, GBOS5010004530, GBOS5010004560.
                GBOS5010004582
                
        10.1.2  Validation of TCP reset packets has been improved.
                GBOS5010004580      
    
    10.2 Modifications
    
        10.2.1  Hints have been updated and improved.
                GBOS5010004053, GBOS5010004065  
                
    10.3 Bug Fixes
    
        10.3.1  Configurations that contain service group objects with
                embedded objects no longer become corrupt when
                exported from GB-OS.
                GBOS5010004521
                
        10.3.2  Verification of address objects is no longer a CPU
                intensive process.
                GBOS5010004530
          
               
11. RELEASE NOTES HISTORY

    11.1    Previous Release Notes
            These notes cover the 5.0.1 release of GB-OS. Release notes 
            for previous versions can be found at GTA's web site, 
            http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.