GB-OS FIREWALL SOFTWARE
                              VERSION 6.2.03
                              RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 6.2.03
Date:       15 February 2016

-------------------------------------------------------------------------
GB-OS version 6.2.03 includes updated versions of the following GTA
products and utilities:

    GB-OS                       6.2.03

Release notes are located on the installation CD and on GTA's Web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  SYSTEM

3.  SERVICES

4.  USER INTERFACE

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 6.1.x or below, new activation codes must be
        entered. GB-OS version 6.2.03 is available at no charge to customers 
        with a GTA support contract or annual maintenance agreement. 
        Other users should contact their local Authorized GTA Channel Partner 
        or email sales@gta.com for information and pricing of upgrade options.

        
    1.2 Upgrade Notes   
        
        1.2.1 Upgrading to GB-OS 6.2.x
        
        Firewalls must be on GB-OS version 6.1.x or higher to properly
        upgrade to GB-OS 6.2.x. See the Upgrade Guide for more information.
              
              
        1.2.2 GB-250 Rev A Not Supported
                    
        GB-250 Rev A firewalls are NOT supported in GB-OS 6.1.0 and above.
        Determine GB-250 Rev A or Rev B by the following:
              
        1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
           not have USB ports. 
              
        2. GB-250 Rev B firewall serial numbers are:
           Starting at S/N 65002101 and above 
           Starting at S/N 65902101 and above
        
        1.2.3 Error Messages Upon Initial Reboot
    
        Upon rebooting after successful installation, the GTA
        Firewall UTM Appliance may display errors when accessed
        using the Web interface.  This is expected, these errors are
        generated because the browser's cache is trying to access
        files and locations that no longer apply. Click OK to any
        displayed errors and refresh the browser window to access
        GB-OS 6.2.03. If the error messages persist, clear your
        browser's cache.                         
              
              
        1.2.4 Web Filtering Upgrade Notice
      
        GB-OS 6.1.3 and above includes enhancements to the Web Filtering
        category listings. The Web Filtering categories will be modified 
        when your GTA firewall is updated to GB-OS 6.2.03. Existing Web 
        Filtering categories will be automatically mapped to the enhanced 
        categories included in GB-OS 6.1.4. Please review the Content 
        Filtering Feature Guide for details on the Web Filtering 
        category mapping.
            
        GTA strongly recommends reviewing the settings for all (new and 
        automatically mapped) categories and making any necessary 
        revisions to your Web Filtering settings and policies to ensure 
        they meet your corporate Internet Access Policy.

        1.2.5 IPS Upgrade Notice

        GB-OS 6.1.10 and above include enhancements to the IPS
        categories and rules. 

        GTA strongly recommends reviewing the settings for all enabled
        IPS rules and making any necessary revisions to your IPS settings
        to ensure they meet your corporate Internet Access Policy.

        1.2.6 GB-250 no longer support IPS, Anti-spam, and Anti-virus.
                    
        GB-250 firewalls do not support IPS, Anti-spam, and Anti-virus.
               
               
    1.3 SSL Certificate Replacement

        GB-OS version 6.2.03 and above install a new default security/SSL
        certificate. Some browsers, will not recognize the new certificate if
        the original has never been replaced. If you are unable to log on to
        the firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  SYSTEM

    2.1 Modifications 
        2.1.1   Mixing External and PSN/Protected zone type for bridging can
                cause routing issues. Particularly with IPSec. Code modified
                so ICMP redirects will not be generated for bridged interfaces.
                GBOS62030029467

         2.1.2  Updated paravirtulized drivers for Hyper-V to increase
                performance.
                GBOS62030021081

     2.2 Bug Fixes
         2.2.1  Fixed memory leak issue with lots of IPSec security
                associations.
                GBOS62030029417

         2.2.2  Correctly remove entries from country IP cache if cache
		becomes full.
                GBOS62030029337

3.  SERVICES
                
    3.1 Modifications 
        3.1.1   Restrict list of ciphers supported by SSL client's command
                channel to:
                TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
                TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
                TLS-DHE-RSA-WITH-AES-256-CBC-SHA 
                GBOS62030029402

        3.1.2   Update DNS proxy service to latest version.
                GBOS62030029462

        3.1.3   Update IPS service to latest version.
                GBOS62030029377

        3.1.4   Update SSL client service to latest version.
                GBOS62030029397

        3.1.5   DNS proxy now validates and caches results. 
                GBOS62030026891

    3.2 Bug Fixes
        3.2.1   Upgrade NTP service to latest version to fix possible security
                issues.
                GBOS62030029452

        3.2.2   Upgrade DHCP server service to latest version to fix possible
                security issue.
                GBOS62030029422

        3.2.3   Upgrade IPSec service to latest version to fix possible
                security issues.
                GBOS62030029317
                
4.  USER INTERFACE

    4.1 Modifications
        4.1.1   Remove legacy support for TLS v1.0 and TLS v1.1.
                GBOS62030029307

        4.1.2   Make IPS graph labels match actions.
                GBOS62030027241

        4.1.3   If a number between 1 and 32 is entered in a netmask field,
                now assume user is entering mask using CIDR notation and process
                accordingly.
                GBOS62030001442

        4.1.4   Send complete certificate chain and not just subject
                certificate.
                GBOS62030029437

        4.1.5   Send X-Frame-Options in HTTP headers.
                GBOS62030029447

        4.1.6   Since DNS proxy will automatically query root servers, obtain
                DNS server automatically by default when configuring firewall
                using basic wizard.
                GBOS62030029432

        4.1.7   Make sure passwords on firewall are strong. Password cannot
                contain the User ID. Must be at least eight characters long
                and contain at least 3 of 4 character types. Character types
                are: 
                - Upper case letters.
                - Lower case letters.
                - Numbers.
                - Special character such as #, !, ?, ^, or @.
                GBOS62030029352

        4.1.8   Added ability for secure remote access users (IPSec, SSL client 
                and SSL browser methods) to update their password using the 
                SSL browser interface.
                GBOS62030026601

        4.1.9   Added grey listing override object to mail proxy.
                GBOS62030029297

        4.1.10  Enhanced validation of data entered by user.
                GBOS62030029497

        4.1.11  Add support for Google Chrome's password saving mechanism.
                GBOS62030029507


-------------------------------------------------------------------------
Global Technology Associates, Inc.
3361 Rouse Rd, Suite 240
Orlando, Florida 32817
www.gta.com
407.380.0220