GTA released GNAT Box System Software version 3.3.4 (version 3.3 patch
level 4) on May 28, 2003.
This patch level release provides Surf Sentinel Plus customers with full
functionality of Surf Sentinel Plus under Web Filter 2.0, and addresses a
few issues which were identified since the release of version 3.3.3.
Surf Sentinel and Surf Sentinel Plus customers must obtain new Surf
Sentinel activation codes prior to updating.
Please refer to the release notes below for full details.
GNAT Box System Software version 3.3.4 will be available for download at
the GTA on-line support center at no charge for customers with GNAT Box
System Software version 3.3 or with a valid support contract.
Other users should contact GTA or their authorized GTA channel partner for
information on upgrading.
GTA will begin shipping products with GNAT Box System Software version
3.3.4 by June 2, 2003.
--------------------------------------------------------------------
release334.txt
--------------------------------------------------------------------
Global Technology Associates, Inc.
Title: GTA Firewall Systems Release Notes
Product: GNAT Box System Software version 3.3.4
Date: 27 May 2003
RELEASE NOTES HISTORY
These notes cover the latest patch release of GNAT Box System Software
version 3.3.4. Release notes for previous versions can be found at
GTA's website, www.gta.com.
-------------------------------------------------------------------------
UPGRADE NOTES
For more about upgrading, see individual product text files.
New Surf Sentinel Feature Activation Code
----
Before upgrading to version 3.3.4, Surf Sentinel customers must enter a new
feature activation code to accommodate Cerberian Web Filter version 2.0.
The new code is available in the GTA support center under View Registered
Products. Delete the old feature code, enter the new code and save, then
upgrade the firewall.
Default SSL Encryption Settings
----
If upgrading from a version previous to 3.2.2, SSL will be disabled and the
default port set to 80. To enable SSL encryption, copy the current web
access Remote Access Filter, change the port on it to 443 and enable. Save
the section. Next, default and save the Authorization > Remote
Admin/Authentication function and save the section. This will enable all
encryption and change the server port to 443. Delete the old filter.
High Availability Names
----
Beginning in version 3.3, H2A systems began using Interface Object names
(HA-EXTERNAL, HA-PROTECTED), so GTA recommends changing references to HA
systems to reflect the new nomenclature.
Netscape/Mozilla
----
Version 3.3.4 installs a new default security certificate. Some browsers,
including Netscape and Mozilla, will not recognize the new certificate if
the original has never been replaced. If you are unable to log on to the
GTA Firewall after upgrading, delete the browser security certificate, then
exit and restart.
-------------------------------------------------------------------------
KNOWN ISSUES
Internet Explorer 5 For Macintosh
----
Internet Explorer 5 for Macintosh will not allow you to accept or install
the SSL security certificate. SSL must be disabled to use this combination.
Internet Explorer 5 Export Version, No Patch
----
The export version of IE 5 improperly implements SSL version 3.0, so to use
SSL 3.0, you must have installed the IE security patches.
Security Flaws In SSL Version 2.0
----
Because of the security flaws in SSL 2.0, GTA has removed support for it.
-------------------------------------------------------------------------
Release Notes include following enhancement and bug fix sections:
1. SYSTEM SOFTWARE
2. SERVICES
3. CFG LIBRARY
4. ALL USER INTERFACES
5. GBADMIN (Windows Only)
6. WEB
7. CONSOLE
8. CONTENT FILTERING
9. INSTALLERS
10. SYSLOG (Windows Only)
11. GBAUTH (Windows Only)
------------------------------------------------------------------------
1. SYSTEM SOFTWARE
1.1 Enhancements and Changes
NONE
1.2 Bug Fixes
1. On the Console, <Control-R> during boot does not reset the
firewall to factory defaults. GB334476
Resolution:
Restore the Reset to Factory Defaults feature by enabling
<Control-R> during boot.
2. Valid ICMP packets with non-standard formats are rejected as
invalid. GB334515
Resolution:
Allow for non-standard formats in ICMP packets, so that only
those packets with fewer than the minimum eight (8) bytes in
the ICMP header are rejected as invalid.
3. ICMP stealth block messages incorrectly use the source
address as the destination address. GB334541
Resolution:
Destination addresses for ICMP stealth mode blocks are now
properly logged.
2. SERVICES
2.1 Enhancements and Changes
2.2 Bug Fixes
NONE
3. CFG LIBRARY
3.1 Enhancements and Changes
3.2 Bug Fixes
NONE
4. ALL USER INTERFACES
4.1 Enhancements and Changes
4.2 Bug Fixes
NONE
5. GBADMIN (Windows Only)
5.1 Enhancements and Changes
1. Add selection options in log messages. Options now include:
select line(s) and drag; select single line; select multiple
lines; select lines with arrow keys; and select all using
<Control-A>. GB334458
5.2 Bug Fixes
1. GBAdmin allows more than the five (5) required characters in the
Network Time Service section NTP Key field. GB334473
Resolution:
Restrict the NTP Key field to the five (5) required characters.
6. WEB
6.1 Enhancements and Changes
6.2 Bug Fixes
NONE
7. CONSOLE
7.1 Enhancements and Changes
7.2 Bug Fixes
NONE
8. CONTENT FILTERING
8.1 Enhancements and Changes
1. Add support for Cerberian Web Filter 2.0 enhancements to Surf
Sentinel Plus reporting. GB334527
8.2 Bug Fixes
1. Content filtering sometimes stops. Log message states, "proxy:
Unable to release semaphore: Invalid argument." GB334508
Resolution:
Remove need for semaphores.
2. When transparent proxy is enabled, connections to websites
that use persistent connections such as Outlook Web Access on
port 80 fail, and some sites in the allow list load slowly or
not at all. GB334482/481
Resolution:
Ensure that the proxy does not override persistent connections.
9. INSTALLERS
9.1 Enhancements and Changes
NONE
9.2 Bug Fixes
1. Can't select the GB-Flash SIO installer. GB334528
Resolution:
Add GB-Flash SIO to installer image.
10. SYSLOG (Windows Only)
10.1 Enhancements and Changes
10.2 Bug Fixes
NONE
11. GBAUTH (Windows Only)
11.1 Enhancements and Changes
NONE
11.2 Bug Fixes
1. Disconnect function triggered by using the Show option. When show
is selected, GBAuth stops sending keep alives. GB334500
Resolution:
Replace the Show option with Disconnect, as the Show option is
not needed after authentication.
--------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://www.mail-archive.com/[EMAIL PROTECTED]
