GB-OS FIREWALL SOFTWARE
Author: Global Technology Associates, Inc.
Product: GB-OS version 5.1.0
Date: 16 June 2008
GB-OS version 5.1.0 includes updated versions of the following GTA
products and utilities:
Release notes are located on the installation CD and on GTA's Web site.
For more about upgrading related software, see individual product
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
7. THREAT MANAGEMENT
9. OPERATING SYSTEM
10. RELEASE NOTES HISTORY
1. INSTALL NOTES
1.1 Entering New Activation Codes
If upgrading from 5.0.x or below, new activation codes must be
entered. GB-OS version 5.1.0 is available at no charge to
customers with a GTA support contract or annual maintenance
agreement. Other users should contact their local GTA channel
partner or email email@example.com for information and pricing of
1.2 Upgrade Notes
1.2.1 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
Firewall UTM Appliance may display errors when accessed
using the Web interface. This is expected, these errors are
generated because the browser's cache is trying to access
files and locations that no longer apply. Click OK to any
displayed errors and refresh the browser window to access
GB-OS 5.1. If the error messages persist, clear your
1.3 SSL Certificate Replacement
GB-OS version 5.1 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
2.1 New Features
2.1.1 Support added for virtualized hosts.
2.1.2 LBA mode is now accessible from disk when installing GB-Ware.
2.2.1 Improved performance for remote Web administration.
2.3.1 Updated IPS engine.
2.3.2 GTA appliances, when running GB-OS software in demonstration
mode, are now disabled when demonstration time expires.
2.3.3 Updated SNMP service.
2.3.4 Updated Network Time Protocol.
2.3.5 Updated XML schema for 5.1.0
2.3.6 Default time zone and country are now determined by the user's
Web browser language setting.
3.1 New Features
3.1.1 Border Gateway Protocol (BGP) support has been added to GB-OS
routing protocols for GB-2000, GB-3000, and GB-Ware.
3.1.2 Open Shortest Path First Protocol (OSPF) support has been added
to GB-OS routing protocols.
3.2.1 Time groups have been added to tunnels.
3.2.2 Trusted Networks option added to the DNS server.
3.2.3 Added option to specify the inbound tunnel's source address.
3.2.4 Added ability to disable interfaces defined in network settings.
3.2.5 Added abilitiy to statically map addresses based on service
3.3.1 Basic Setup wizard automatically defaults the external
connection to PPP when only one NIC is present.
3.3.2 Bridged option is hidden when setting DHCP for an interface.
3.3.3 When email alarms are disabled, unsuccessful email messages are
3.4 Bug Fixes
3.4.1 Firewall properly uses gateway polices for sharing when sharing
3.4.2 Firewall now properly handles arp requests when updating VLANs.
3.4.3 System remains operational when using NAT-T and VPN accelerator
cards are installed.
3.4.4 GSM Modem and USB connections remain operational after editing
the network settings.
4.1 New Features
4.1.1 Added ability to force log off authenticated users.
4.1.2 Active Directory Single Sign-On has been added as an
4.1.3 Added support for SSL LDAP authentication.
4.2.1 Added option to configure valid duration for authenticated
4.2.2 Added ability to disable GBAuth keep alives.
4.2.3 LDAP/RADIUS user group has been added to Account Groups.
4.3 Bug Fixes
4.3.1 RADIUS authentication remains operational with pre-shared
secrets larger than 20 characters.
5.1 New Features
5.1.1 SMS message support has replaced pager support.
5.2.1 Improved support for SNMP Trap messaging.
5.2.2 Added filter options for the display of active connections based
on source, destination, and service.
5.2.3 Added option to flush active connections.
5.2.4 Added log section to view warnings and errors.
5.2.5 Added option to receive email notifications of gateway status.
5.3 Bug Fixes
5.3.1 Firewall now attempts email notifications a maximum of five
retries before logging the failure.
5.3.2 Firewall now properly attempts to connect to secondary MX upon
primary MX failure.
6.1.1 Added additional configuration options for High Availability
6.1.2 Added ability to enable or disable automatic policies for
6.2.1 High Availability has been moved from Services to Interfaces in
the main tree menu.
6.2.2 Dynamic routing (RIP, OSPF, BGP) is now disabled on High
Availability systems when in Init and Standby mode.
6.3 Bug Fixes
6.3.1 High Availability now restarts when interfaces are edited and
7. THREAT MANAGEMENT
7.1.1 Time groups can now be used with Surf Sentinel Content
7.1.2 Added statistics page for Surf Sentinel.
7.1.3 Added tuning options for the IPS Proxy.
7.1.4 Surf Sentinel traditional proxy now supports persistent
7.1.5 Added caching for Surf Sentinel content filtering ratings.
7.2.1 Improved Anti-Spam processing.
7.2.2 Improved display of Mail Sentinel statistics.
8.1.1 Added option for switching between live/test mode when
applying/copying the configuration.
8.1.2 Added the option to preserve the Activation Codes section when
8.1.3 Added the ability to compress and encrypt configurations when
exporting from the firewall.
8.2.1 Audit events option has been added to configuration emails.
8.2.2 Hyperlinks have been removed from configuration emails.
8.2.3 Improved support for configuration conversion from
3.7.x to 5.x.x.
9. OPERATING SYSTEM
9.1 New Features
9.1.1 Added feature enabling the network diagnostics user interface to
remember the most recent host and binding interface for the
9.1.2 Support for Camellia encryption algorithm added.
9.1.3 Added the ability to request an evaluation of Mail Sentinel
Anti-Virus, Mail Sentinel Anti-Spam, and/or Surf Sentinel via
the Web interface.
9.1.4 Added user logout option to the GB-OS Web interface.
9.1.5 Email notifications are consolidated into the new Notifications
9.1.6 Added abilitiy to configure connection limits for total and per
9.2.1 FWCC status has been added to System Overview.
9.2.2 Added gateway policy status.
9.2.3 Added option to switch to English on Hint tab when using a
9.2.4 Added priorities to audit events.
9.3.1 Improved system configuration verification.
GBOS5100002557, GBOS5100005301, GBOS5100005376, GBOS5100005411,
GBOS5100005661, GBOS5100005671, GBOS5100004950, GBOS5100003884
9.3.2 Copy/Paste option has been removed from address objects, service
objects, time groups and account groups.
9.3.3 Service object list has been updated to include BGP, OSPF, IMAP,
IMAPS, and SNPP.
9.3.4 System Overview/Information layout is now retained across login
9.3.5 Tree menu now displays tool tips for verification warnings
9.3.6 Time based inactive policies are now displayed with a red
9.3.7 Active connection is mapped to service object with the Protocol
column replaced with Service.
9.3.8 Size of the audit event records has been increased to 500 lines.
9.3.9 Disabled VLANs are now displayed on in the System Overview
9.3.10 All automatic policies are now displayed with either an Enabled
or Disabled status.
9.3.11 Revised handling of large numbers of connections to a
9.4.12 Firewall now flushes old connections upon change to an external
interface's IP address.
9.4.13 Improved display of statistics page.
9.4 Bug Fixes
9.4.1 Centralized VPN hub now properly supports spoke output from hub
9.4.2 Display of the install prompt screen is now correct when
updating activation codes.
9.4.3 GTA licensing server now only checks when firewall is running
9.4.4 ARP timeouts are now properly removed.
10. RELEASE NOTES HISTORY
10.1 Previous Release Notes
These notes cover the 5.1.0 release of GB-OS. Release notes
for previous versions can be found at GTA's Web site,
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817