Dear Valued GTA Firewall customer,
GTA released GNAT Box System Software ver 3.3 patch level 3 (ver 3.3.3) on
April 1, 2003. This patch release contains minor functionality
enhancements and addresses several issues that have been identified since
the release of ver 3.3.2.
Effective with the release of GNAT Box System Software ver 3.3.3, GTA will
be upgrading Surf Sentinel to operate under Cerberian's Web Filter 2.0
engine. This upgrade will provide Surf Sentinel subscribers enhanced
performance for content filtering and Internet access management. See
release notes included below.
GNAT Box System Software ver. 3.3 patch level 3 will be available for
download through the GTA on-line support center on April 1, 2003 and will
shipped preinstalled on new products by April 4, 2003. Customers whose
firewalls are currently registered through GTA's on-line support center
and have version 3.3.x or a current support contract may download the
latest update at no charge. Other customers must purchase either a single
version upgrade or support contract to upgrade to version 3.3.3.
Customer Service
GTA, Inc.
------------------------release333.txt------------------------------
Global Technology Associates, Inc.
Title: GTA Firewall Systems Release Notes
Product: GNAT Box System Software version 3.3.3
Date: 1 April 2003
RELEASE NOTES HISTORY
These notes cover the latest patch release of GNAT Box System Software
version 3.3.3. Release notes for previous versions can be found on GTA's
website at www.gta.com.
-------------------------------------------------------------------------
UPGRADES
! Caution: Always Back Up Your Configuration Before Upgrading! !
----------------------------------
DEFAULT SSL ENCRYPTION SETTINGS
----
If you are upgrading from a version previous to 3.2.2, SSL will be disabled
and the default port will be set to 80. To enable SSL encryption, first
copy your current Remote Access Filter for web access, change the port
number to 443 and enable it without disabling your old filter. Save the
section. Next, default and save the Remote Admin/Authentication function
under Authorization and save the section. This will enable all encryption
and change the server port to 443. Once SSL encryption is activated on port
443, you can delete your old web access filter.
----------------------------------
HIGH AVAILABILITY NAMES
----
Starting with version 3.3, H2A systems began using Interface Object names
(default, HA-EXTERNAL, HA-PROTECTED), so it is recommended that you change
the references to your HA systems to reflect the new nomenclature,
especially in VPN Objects and Remote Access Filters.
----------------------------------
GB-100 UPGRADES
----
In version 3.3, GB-100 directory parameters were changed in the disk label
to free up space for the enhanced GNAT Box System Software runtime. When
upgrading from a version prior to 3.3, revising the disk label requires a
destructive installation using GB-100 installation floppies.
! Back Up Your Configuration --- Destructive !
! Installation Overwrites Your Configuration With Factory Settings. !
----------------------------------
NETWORK INTERFACE CARDS
----
See GTA's website at http://www.gta.com/tech/hardware.php for a list of
compatible NICs for GB-Pro, GB-Flash, GNAT Box Light and GNAT Box Demo.
-------------------------------------------------------------------------
KNOWN BROWSER ISSUES
Internet Explorer 5 For Macintosh
Internet Explorer 5 browser for the Macintosh platform will not allow you
to accept or install the SSL security certificate. SSL must be disabled to
use this combination.
Internet Explorer 5 Export Version, No Patch
Because of security flaws in SSL version 2.0, GTA has removed SSL 2.0
support. IE 5 Export version improperly implements SSL version 3.0, so in
order to use SSL 3.0 with GNAT Box System Software 3.3.x, you must have
installed the IE security patches.
Netscape/Mozilla
If you are unable to log on to your GTA Firewall after upgrading, delete
the security certificate in your browser, then exit and restart to restore
access. Version 3.3.3 installs a new default security certificate. Some
browsers, including Netscape and Mozilla, will not recognize the new
default if the original default certificate has never been replaced.
-------------------------------------------------------------------------
Release Notes include following sections of enhancements and bug fixes:
1. SYSTEM SOFTWARE
2. SERVICES
3. CFG LIBRARY
4. ALL USER INTERFACES
5. GBADMIN (Windows Only)
6. WEB
7. CONSOLE
8. CONTENT FILTERING
9. INSTALLERS
10. SYSLOG (Windows Only)
11. GBAUTH (Windows Only)
------------------------------------------------------------------------
1. SYSTEM SOFTWARE
1.1 Enhancements and Changes
1. Added Turkish localization support for GBAdmin and the Web
Interface. GB333401
2. Added support for USB keyboard to GB-Flash systems. GB333427
3. Added option to Filter Preferences to log the ICMP packets
dropped by Stealth mode. GB333378
1.2 Bug Fixes
1. GB-100 runtime in version 3.3.2 did not include the DNS Server.
GB333313
Resolution:
Included DNS Server in the GB-100 runtime for version 3.3.3.
2. RoBoX may fail to boot up when some types of terminal servers
are attached to the console port. GB333375
Resolution:
During boot, make system ignore the terminal server's modem
status lines.
3. System log messages are sometimes merged. GB333390
Resolution:
Make the system log one message at a time, not allowing another
message to interrupt.
4. When using RIP with an internal router that is advertising
a default route (gateway), the firewall will aggregate all
static routes on the internal router into the default route
when passing them to another router. GB333391
Resolution:
Make system ignore default route when aggregating static routes.
5. Filter Preference options that have "log" selected are
incorrectly logged as "icmp" in configuration messages.
GB333400
Resolution:
Filter Preference options that have "log" selected are now
logged as "log."
6. If a SYN+ACK response packet is lost before reaching the
intended External host, both the SYN packet resent by the
External host and the SYN+ACK packet resent by Internal
host are blocked as unexpected, as part of the TCP
three-way handshake validation. GB333411
Resolution:
Allow internal host to resend SYN+ACK packet.
7. If the word "local" is used as an interface name and it is
selected in a filter, anything destined for that interface
is blocked. GB333426
Resolution:
Allow the use of the word "local" as a name for interfaces.
8. NATed connections always use the primary interface address as
the source address of the connection. GB333459
Resolution:
Use the source address from destination route as the NAT source
address.
2. SERVICES
2.1 Enhancements and Changes
1. Increase support for DHCP servers and/or clients from four
to nine. GB333415
2.2 Bug Fixes
1. Priority can be set to "0" and higher than "255" in the
HA configuration screen. GB333373
Resolution:
When loading HA, force an invalid priority to be a number from
1-255; force an invalid VRID to be a number from 0-15.
2. In Mobile and IKE VPN, an odd number of HEX characters is not
valid in the pre-shared secret field. GB333376
Resolution:
If a pre-shared secret in HEX format has an odd number of
characters, append a 0.
3. DNS proxy stops accepting requests. GB333383
Resolution:
Ensure that all stale DNS proxy entries are removed so the
proxy can continue accepting new requests.
4. If a "/" is used in a reverse zone name, no zone entry is
created, creating errors in the DNS configuration files.
GB333384
Resolution:
When creating zone filenames, map "/" to "-".
5. If there are extraneous bits in the network portion of
the subnet IP address/mask (e.g., 10.10.10.50/29), the
reverse DNS file is created with a default mask (e.g.,
10.10.10.0/24). GB333385
Resolution:
Ignore extraneous bits in network when matching.
6. The web proxy has memory leaks in Traditional Proxy mode.
GB333389
Resolution:
Close memory leaks in the web proxy.
7. If DHCP is used on the secondary Interface/router, Gateway
Selector does not fail over. GB333429
Resolution:
If interface uses DHCP, use DHCP gateway address.
3. CFG LIBRARY
3.1 Enhancements and Changes
1. Enhanced verification message to indicate that he firewall
cannot be used as a beacon for another H2A firewall while in
Stealth mode. GB333364
3.2 Bug Fixes
1. Auto-configuring IP Pass Through filters sometimes causes
GBAdmin or the Web interface to crash. GB333392
Resolution:
Increase filter space, and verify that space is available for
the new list of filters before auto-configuration is executed.
2. The Priority selection made for a filter does not display
correctly in the GBAdmin Configuration Report. GB333414
Resolution:
Priority selection now displays correctly in the Configuration
Report.
3. Configuration Report does not indicate if DNS proxy is enabled
or disabled. GB333419
Resolution:
Added a report line for indicating whether DNS Proxy is
enabled or disabled.
4. ALL USER INTERFACES
4.1 Enhancements and Changes
4.2 Bug Fixes
NONE
5. GBADMIN (Windows Only)
5.1 Enhancements and Changes
NONE
5.2 Bug Fixes
1. The user name in PPPoE settings can be no longer than 18
characters. GB333367
Resolution:
The user name in PPPoE may now be 51 characters long.
2. When adding a new logical interface, if the focus is in an
existing item, the new item will not contain default
information. GB333405
Resolution:
All items newly added to Logical Interfaces will contain
default information.
3. GBAdmin may crash when changing sections after selecting
the Inbound checkbox field in the IP Pass Through
Host/Networks screen. GB333413
Resolution:
When changing sections, GBAdmin closes the current section
before displaying another one.
4. More characters can be entered in name fields than the
fields can use. GB333451
Resolution:
Allow users to enter only 19 characters in name fields.
6. WEB
6.1 Enhancements and Changes
6.2 Bug Fixes
NONE
7. CONSOLE
7.1 Enhancements and Changes
7.2 Bug Fixes
NONE
8. CONTENT FILTERING
8.1 Enhancements and Changes
1. Upgrade Surf Sentinel's web filtering protocol to Cerberian
Web Filter 2.0. GB333000
2. Change functionality of Local Allow list so that it can be
used without a categorization facility, so that only sites on
the Local Allow list are allowed. GB333417
3. Allow use of Local Deny list with no other facilities
enabled; only entries in the Local Deny list will be blocked.
GB333418
4. Upgrade Cerberian categories in Surf Sentinel to match
Cerberian Web Filter version 2.0. GB333428
8.2 Bug Fixes
1. Using transparent proxy, only the first URL in a persistent
connection is rated. GB333433
Resolution:
Force all connections to be non-persistent, ensuring that all URL
requests are rated.
9. INSTALLERS
9.1 Enhancements and Changes
9.2 Bug Fixes
NONE
10. SYSLOG (Windows Only)
10.1 Enhancements and Changes
NONE
10.2 Bug Fixes
1. At startup, Syslog displays the message "Unable to create
directory '.000.D:' Program Shutting Down!" when the path
specified does not have a dot (.). GB333387
Resolution:
Make Syslog accept any valid path name.
11. GBAUTH (Windows Only)
11.1 Enhancements and Changes
NONE
11.2 Bug Fixes
1. After the user has authenticated, GBAuth displays an
unnecessary dialog that reads: "Time remaining 0." GB333360
Resolution:
"Time remaining 0" dialog removed from GBAuth.
2. The close command in the system tray icon menu does not
close the main window. GB333377
Resolution:
Substitute "Exit" for the "Close" command, and make the command
exit the application.
--------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
http://www.mail-archive.com/[EMAIL PROTECTED]
