GB-OS FIREWALL SOFTWARE
VERSION 4.0.5
RELEASE NOTES
Author: Global Technology Associates, Inc.
Product: GB-OS version 4.0.5
Date: 24 August 2007
-------------------------------------------------------------------------
GB-OS version 4.0.5 includes updated versions of the following GTA
products and utilities:
GB-OS 4.0.5
Release notes are located on the installation CD and on GTA's web site.
For more about upgrading related software, see individual product
release notes.
-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
2. WIZARDS
3. CONFIGURATION
4. SYSTEM
5. ACCOUNTS
6. NETWORK
7. SECURITY POLICIES
8. SERVICES
9. THREAT MANAGEMENT
10. ACTIVITY
11. OPERATING SYSTEM
12. RELEASE NOTES HISTORY
-------------------------------------------------------------------------
1. INSTALL NOTES
1.1 Entering New Activation Codes
If upgrading from 3.7.3 or below, new activation codes must be
entered. GB-OS version 4.0.5 is available at no charge to
customers with a GTA support contract or annual maintenance
agreement, or for customers with a GTA firewall operating on
GB-OS version 4.0.0. Other users should contact their local
GTA channel partner or email sales@gta.com for information and
pricing of upgrade options.
1.2 Upgrading from GB-OS 3.5 or Below
If upgrading from GB-OS 3.5 or below, it is necessary to first
upgrade to an interim version of GB-OS before installing GB-OS
4.0. For upgrade instructions, refer to Reference D in the
GB-OS User's Guide.
1.3 Upgrading Hard Drive GB-Ware Installations from 3.5.x to 4.0.5
When upgrading a hard drive GB-Ware firewall from version 3.5.x
to 4.0.5:
1. Back up the firewall configuration.
2. Reinstall the firewall software completely from the CD.
3. Restore the configuration.
The GB-Ware CD image (ISO-9660) is available for download from
GTA's Online Support Center
(https://www.gta.com/support/center/login/). Failure to reinstall
from CD may cause hard drive geometry errors that prevent the
upgrade.
1.4 Upgrading from GB-OS 3.7.2 and Below
1.4.1 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
firewall may display errors when accessed using the Web
interface. This is expected, these errors are generated
because the browser's cache is trying to access files and
locations that no longer apply. Click OK to any displayed
errors and refresh the browser window to access GB-OS 4.0.
If the error messages persist, clear your browser's cache.
1.4.2 Default Login and Password Changes
Firewall administrators who have never changed their default
login and password in the Admin Accounts section of GB-OS
3.x will find that their default account's login information
will no longer work with GB-OS 4.0. After the firewall
administrator has upgraded to GB-OS 4.0, their login and
password will both default to "fwadmin".
1.4.3 User Group Assignments When Upgrading From Previous Versions
When upgrading to GB-OS 4.0.5, users will automatically be
organized into groups based on the name of the their VPN
object. For example, a user that made use of a VPN object
with a name of Marketing Department will be assigned to a
group named Marketing Department, while a user that made use
of a VPN object with the name of MOBILE will be assigned to
a group named MOBILE.
Users that have no VPN object assigned to them will be
organized into groups based on the GB-OS version that the
administrator is upgrading from, such as Users_372.
1.4.4 Static Gateway to Static Gateway VPN Failure
Firewall administrators that have a configured VPN between
two static gateways may find that their VPN no longer
functions after they have upgraded to GB-OS 4.0. This is
caused when the firewall administrator had a local identity
configured in the Authorization>VPN section on their GTA
firewall before it was upgraded to GB-OS 4.0. GB-OS
versions prior to GB-OS 4.0 ignored this field when a static
gateway to static gateway VPN was configured; in GB-OS 4.0,
the local identity is recognized and can result in a failure
when a VPN connection previously worked. To correct this
issue, simply navigate to Configuration>VPN>IPSec Tunnels
and edit the IPSec tunnel in question by setting the local
identity to IP Address.
1.4.5 Restrictive VPN Configurations
When upgrading to GB-OS 4.0, firewall administrators may
need to rebuild their VPN policies. In previous versions of
GB-OS, VPN access was controlled using pass through filters.
In GB-OS 4.0, VPN access is controlled using VPN policies
which allow all VPN traffic by default. Firewall
administrators who have upgraded to GB-OS 4.0 will need to
manually recreate any restrictive VPN policies.
1.4.6 VPN Object Names
Previously defined VPN objects will have the GB-OS version
number appended to their name after the GTA firewall has
been upgraded to version 4.0. For example, a VPN object
with a name of IKE in GB-OS 3.7.0 will be named IKE_370
after the upgrade.
1.4.7 Address Object Identification
Previously defined address objects that were of type IP
Addresses will be re-categorized as being of type All after
the GTA firewall has been upgraded to version 4.0.
1.5 Upgrading from GB-OS 4.0.0 or 4.0.1
1.5.1 Service Group Object Modifications
The built-in DNS Zone service group object has been merged
with the DNS Lookups service group object. Because of this
merger, configurations that reference the now defunct DNS Zone
service group object will need to be updated to reference the
DNS Lookups service group object.
1.6 Platform Independent Web Interface
GB-OS 4.0 includes a platform independent web interface which
provides an improved workflow, user-friendly design with
enhanced features such as offline configuration and verification
using GB-OS 4.0's Test Mode. GBAdmin is not supported by
GB-OS 4.0.
1.7 SSL Certificate Replacement
GB-OS version 4.0.5 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
2. WIZARDS
2.1 Modifications
2.1.1 External PPTP interfaces generated by the Basic Setup
Wizard are now named EXT_PPTP.
GBOS4050004322, GBOS4050004314
2.1.2 Switching between Live and Test mode can no longer be
performed until the Basic Setup Wizard has been
cancelled or it has been run to enter initial settings.
GBOS4050004123
2.2 Bug Fixes
2.2.1 External PPTP interfaces generated by the Basic Setup
Wizard are now assigned to eth1.
GBOS4050004313
3. CONFIGURATION
3.1 Modifications
3.1.1 Exported configuration files are no longer marked as
cache-able.
GBOS4050004233
4. SYSTEM
4.1 Modifications
4.1.1 Disabled VLANs and aliases now appear in drop-down
lists when defining and editing address objects.
GBOS4050004613
4.1.2 VPN object names that are automatically appended with
the GB-OS version number during the upgrade process are
now truncated to prevent the object name from exceeding
the maximum allowed length.
GBOS4050004559
4.2 Bug Fixes
4.2.1 Address objects and service group objects no longer
disallow entry of user-defined settings if a predefined
setting has already been selected.
GBOS4050004452
5. ACCOUNTS
5.1 Bug Fixes
5.1.1 The Authentication screen now correctly saves bind
options and remembers the state of advanced tabs.
GBOS4050004667
5.1.2 Settings configured in the Authentication screen now
properly take effect when saved.
GBOS4050004687
6. NETWORK
6.1 Bug Fixes
6.1.1 The PPPoE Provider field is no longer displayed when
configuring a serial PPP connection.
GBOS4050004220
7. SECURITY POLICIES
7.1 New Features
7.1.1 TCP SYN cookies can now be applied to remote access and
pass through security policies.
GBOS4050004212
7.2 Bug Fixes
7.2.1 Enabling the SNMP Trap or Stop Interface action in a
security policy no longer enables both actions.
GBOS4050004539
7.2.1 GB-OS now properly generates default remote access
policies for inbound tunnels that use port redirection
without using automatic policies.
GBOS4050004531
8. SERVICES
8.1 Bug Fixes
8.1.1 GB-OS no longer crashes when the DHCP service is
enabled and runt packets are passing through the
firewall.
GBOS4050004458
8.1.2 The DHCP Server is now authoritative for the configured
address ranges, allowing it to send DHCPNAKs to clients
sending a DHCPREQUEST for an address it cannot hand out.
GBOS4050004504
9. THREAT MANAGEMENT
9.1 Bug Fixes
9.1.1 Definition file limitations have been increased to
accommodate additional definition files from Kaspersky
Labs to prevent Mail Sentinel Anti-Virus licenses from
becoming inaccurately marked as invalid.
GBOS4050004695
9.1.2 The Surf Sentinel proxy no longer performs a core dump
during latency calculations.
GBOS4050004460
9.1.3 GB-OS Mail Sentinel Anti-Spam and Mail Sentinel
Anti-Virus licenses now remain valid if GTA servers
cannot be reached.
GBOS4050004679
10. ACTIVITY
10.1 Bug Fixes
10.1.1 Automatic policies created by inbound tunnels that use
port redirection are now properly displayed in the
Monitor section.
GBOS4050004115
10.1.2 The time to expire for a DHCP lease is no longer
displayed to last for five additional hours.
GBOS4050004659
11. OPERATING SYSTEM
11.1 Enhancements
11.1.1 Verification of configuration settings has been
improved.
GBOS4050000766
11.1.2 GB-OS now accepts runtime updates from the Firewall
Control Center Server.
GBOS4050004631
12. RELEASE NOTES HISTORY
12.1 Previous Release Notes
These notes cover the 4.0.5 release of GB-OS. Release notes
for previous versions can be found at GTA's web site,
http://www.gta.com.
-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
|
