		Global Technology Associates, Inc.

	Title: GNAT Box Firewall System Release Notes
 Product: GNAT Box System Software Version 3.2.2
	 Date: 04 January 2002


SSL Encryption


GNAT Box System Software 3.2.2 defaults to using SSL Encryption for the Web
interface. If you are installing or using the software for the first time, SSL
will be on. If you default your system after installing version 3.2.2, SSL
will turn on.

Microsoft Internet Explorer 5 for Macintosh incompatibility

For most browser/OS combinations, you will be able to use the Web interface
with no changes to the SSL encryption. However, if you are using Internet
Explorer 5 for Macintosh, the browser will not allow you to accept or install
the Security Certificate and go to the GTA Firewall. To use
Internet Explorer 5 for Macintosh, you must turn off SSL Encryption.
See the Addendum for more information.

Microsoft Internet Explorer 5 Export version SSL 3.0

Microsoft Internet Explorer 5 Export version (40-bit) on Windows 98 and NT
improperly implements SSL 3.0. To use SSL encryption, you must disable SSL 3.0
so that the system will default to SSL 2.0.

To disable SSL 3.0: In the browser, under Tools/Internet Options, click the
Advanced tab. Move down to the Security section and uncheck "Use SSL 3.0,"
then click OK.


These Release Notes include the following sections:

1. System Software
	 1.1 Enhancements and Changes
	 1.2 Bug Fixes

2. Services
	 2.1 Enhancements and Changes
	 2.2 Bug Fixes

3. User Interfaces - All Interfaces
	 3.1 Enhancements and Changes
	 3.2 Bug Fixes

4. GBAdmin User Interface
	 4.1 Enhancements and Changes
	 4.2 Bug Fixes

5. Console User Interface
	 5.1 Enhancements and Changes
	 5.2 Bug Fixes

6. Web Browser Interface
	 6.1 Enhancements and Changes
	 6.2 Bug Fixes

7. Verification
	 7.1 Enhancements and Changes
	 7.2 Bug Fixes

8. Syslogger
	 8.1 Enhancements and Changes
	 8.2 Bug Fixes

9. Installers
	 9.1 Enhancements and Changes
	 9.2 Bug Fixes


1.  System Software
1.1 Enhancements and Changes

  1. Performance enhancement for how interfaces are tracked in filters, anti-
	spoofing and IP pass through.

1.2 Bug Fixes

  1. Using a modem for serial console can keep a GB-1000 from booting due to
	output from modem.

	Resolution: Ignore all input while booting.

  2. ICMP based traceroute dropping every other packet. ICMP tunnels being
	viewed as reserved port connections. This causes tunnel to close
	immediately without waiting for close timeout to be reached.

	Resolution: Change processing of ICMP messages to not close the
	tunnel for ICMP time exceeded messages.

  3. GB-100, GNAT Box Pro, GNAT Box Light and GNAT Box Demo runtime image too
  large to add desired enhancements.

	Resolution: Reduce console interface on these products.

  4. TTL value for inbound tunnels not being decremented.

	Resolution: Make inbound tunnels decrement TTL value before forwarding
	packet to end of tunnel.

  5. Multiple ISAKMP connections from behind a GNAT Box not working.

	Resolution: Use both port (500) and destination address when verifying
	that connection is unique.

  6. When there are multiple connections to the internet, packets can arrive
	on a different interface than expected by spoof checks.

	Resolution: Make spoof checker ignore spoofs that arrive on an
	external interface and the return interface is also an external

  7. Serial interface locked at 19200 on GB-25 even using PPP.

	Resolution: Don't lock speed of serial console on GB-25.

  8. When using IP pass through, virtual cracks are not opened correctly for
	all FTP cases.

	Resolution: Make inbound non-passive FTP and outbound passive FTP use
	correct source port when opening virtual crack.
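
The uniqueness check in bug fix 5 above, as an added example (a toy Python model written for these notes, not GNAT Box code). The class name, the addresses and the assumption that the source port stays 500 after translation are constructed for illustration.

```python
# Added illustration: a toy model of NAT connection tracking, not GNAT Box code.
IKE_PORT = 500  # ISAKMP/IKE runs over UDP port 500

# Constructed sample traffic: (inside host, remote VPN gateway).
SAMPLE_FLOWS = [
    ("192.168.1.10", "198.51.100.5"),
    ("192.168.1.11", "203.0.113.20"),
    ("192.168.1.10", "198.51.100.5"),  # retransmit from the first host
]


class IsakmpTracker:
    """Maps outbound ISAKMP flows to the inside host that owns them."""

    def __init__(self, key_on_destination):
        self.key_on_destination = key_on_destination
        self.flows = {}

    def _key(self, remote_ip):
        # Assumption: the source port stays 500 after translation, so the
        # port alone cannot distinguish two inside hosts.
        if self.key_on_destination:
            return (IKE_PORT, remote_ip)
        return (IKE_PORT,)

    def outbound(self, inside_ip, remote_ip):
        """Record a flow; False means another inside host already owns the key."""
        owner = self.flows.setdefault(self._key(remote_ip), inside_ip)
        return owner == inside_ip

    def inbound(self, remote_ip):
        """Inside host that a reply from remote_ip:500 is delivered to."""
        return self.flows.get(self._key(remote_ip))


def run(key_on_destination):
    tracker = IsakmpTracker(key_on_destination)
    accepted = [tracker.outbound(i, r) for i, r in SAMPLE_FLOWS]
    return accepted, tracker.inbound("203.0.113.20"), tracker


if __name__ == "__main__":
    print("port only:         ", run(False)[:2])
    print("port + destination:", run(True)[:2])
    # Two inside hosts negotiating with the same gateway still share a key.
    print("same gateway:      ", run(True)[2].outbound("192.168.1.12", "203.0.113.20"))
```

In this model, keying on the port alone hands the second gateway's reply to the first inside host, while keying on port and destination address keeps the two flows apart. Two inside hosts talking to the same remote gateway still collide.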

2.  Services
2.1 Enhancements and Changes

  1. Add user section for capturing information about mobile VPN users.

  2. Introduce VPN objects that simplify the specification of VPNs.

  3. Update DNS server to BIND version 8.2.5.

  4. Introduce optional out-of-band VPN Client authentication. (GBAuth.
	See VPN Client User's Guide and gbauth.txt for more information.)

2.2 Bug Fixes

  1. Many users are entering incorrect static routes needed for the
	gateway selector to function correctly.

	Resolution: When pinging a beacon, make gateway selector send packet
	via associated gateway.

  2. The orbs blackhole list has closed down.

	Resolution: Replace it with ordb (http://www.ordb.org).

  3. The mail-abuse blackhole lists are now pay subscription based.

	Resolution: Disable mail-abuse list by default and replace
	dialups.mail-abuse.org with inputs.orbz.org.

  4. HA option uses the same virtual address on all interfaces. In
	recommended configurations, this did not cause a problem, but users
	who plugged different interfaces into the same switch had problems.

	Resolution:  Add interface number to virtual MAC address so that each
	interface has a unique virtual MAC address.

  5. CyberNOT sometimes "hangs," continuously updating with a
	"lock exists" message.

	Resolution:  Add timeout to exit CyberNOT update after a certain
	period and then retry.

3. User Interfaces - All Interfaces
3.1 Enhancements and Changes

  1. Add default address object containing all protected networks.

  2. Change how IP address/mask combinations are entered. Old format used two
	fields, one for address and one for mask. New format uses a single
	field. Examples are:
	Example			Description			Host		Number of bits 	Mask	Range

  3. Add interface and alias names as valid objects to remote access filters
	and address objects.

  4. Combine remote access filters allowing access to RMC and WWW admin
	services into a single filter.

  5. Change VRID number range in H2A feature from 1-255 to 0-15. Only
  applicable to GB-1000 and GB-1000+.

3.2 Bug Fixes

  1. Requests have been made to make default pass thru filters for VPNs
	enabled by default.

	Resolution: Enable default pass thru filters created for VPNs and Users.

4. GBAdmin User Interface
4.1 Enhancements and Changes

  1. Added a progress dialog for runtime updates.

  2. Added a check for the proper version when loading the runtime from floppy.
	If the version loaded from the floppy is not compatible with the
	current version of GBAdmin the runtime will be discarded. The
	configuration information will still be loaded.

  3. You can now edit the NIC properties on the NetInfo screen.

  4. Simplify interface by removing features not available on the selected

4.2 Bug Fixes

  1. When using a manual VPN the mask for the remote address keeps going to

	Resolution: The mask code for mobile VPN was applied to the manual VPN,
	causing the mask to change.

  2. When cutting/pasting into the VPN screen, the underlying data pointers
	would eventually be referencing the wrong data item.

	Resolution: Updated the way that the index for the underlying data was

  3. If you are online to a GNAT Box and you use "Save As" from the file menu,
	the title will change from the IP address to the name of the new file,
	but you are still online with the GNAT Box.

	Resolution: Changed "File/Save As" to "File/Save Copy As". This will
	save a copy of the current configuration to the selected file and
	leave the current active file alone.

  4. In the address objects if you try to nest address objects you will get a
	random IP address instead.

	Resolution: The bit that indicates the address object is an address
	object not an address was not getting set.

  5. When merging a configuration into a loaded system, the network interfaces
	are set to "???" because the logical interfaces need to be matched up
	with the physical interfaces. The status indicator is green, which
	indicates a valid configuration. If you save the configuration at this
	time, the system will no longer be able to communicate.

	Resolution: Blocked saving the configuration if any of the logical
	interfaces have a NIC of "???". Also forced validation of the tree
	after the merge operation, which causes the status indicator to turn

  6. GBAdmin would set the communication port for the pager to the wrong value.

	Resolution: GBAdmin will now set the communication port for the pager
	to the proper value.

  7. You could enter a blank password using spaces.

	Resolution: No longer allow the user to enter a password of all spaces.

  8. On the alias screen, if you click on the gray area below the grid, then
	hit enter, the grid will disappear.

	Resolution: An IDOK message was being sent and processed by the default
  CDialog. Added redundant OnOK message process to correct. Problem also
  corrected in Passwords screen.

  9. If you have ten addresses (the maximum) in the first address object in
  the list, no address objects can be added to any other address objects.

	Resolution: Directed the code to count the items in the current address

  10. When deleting VPN objects, Users or VPNs, the item above would be

	Resolution: Repair an internal index that was off by 1.

  11. If the last column of a grid was clicked and the scroll bar was up, the
  whole grid would shift to the left by one column.

  Resolution: Make sure the grid window is large enough for the scroll bar.

  12. If filters are cut and pasted, they did not display correctly.

  Resolution: Repair an errant copy constructor for the filter items.

5. Console User Interface
5.1 Enhancements and Changes


5.2 Bug Fixes


6. Web Browser Interface
6.1 Enhancements and Changes

  1. Move MAC address to second column on network information screen to make
	it consistent with GBAdmin and Console.

  2. Add SSL support to GB-1000, GB-Flash and RoBoX.

7. Verification
7.1 Enhancements and Changes


7.2 Bug Fixes


8. Syslogger
8.1 Enhancements and Changes

		1. Change default configuration to 20 files each with a maximum
			of 500Kb.

8.2 Bug Fixes


9. Installers
9.1 Enhancements and Changes

		1. All installers install with a version number so that multiple
			versions can be installed on the same PC.

9.2 Bug Fixes

