GTA Announces GNAT Box System Software Version 3.4
GTA Releases the latest version of its firewall software
Orlando, FL - August 11, 2003 - Global Technology Associates, Inc. (GTA), a
worldwide leader in cost-effective network security solutions, today
announced the release of GNAT Box System Software version 3.4. This latest
version is shipping preinstalled on GTA's new family of firewall appliances -
GB-1500, GB-1200, GB-750, GB-500 and GB-200 and the GB-Pro and GB-Flash.
Additionally, GNAT Box System Software version 3.4 upgrades will be
available for owners of the GB-1000 Appliance and RoBoX Appliance.
GNAT Box System Software version 3.4 contains numerous enhancements
including: inbound and outbound user authentication, the ability to track the
user's name in log files when authentication is utilized, simplified VPN
configuration, support for PPTP using PPP client, support for SSL
encryption in GBAdmin, a customized message or URL redirect when a blocked
site is requested, and the ability to use content filtering with IP Pass
Through.
"With GNAT Box System Software version 3.4, GTA provides our customers the
highest quality network security," said Paul Emerson, President of GTA.
"GNAT Box System Software is backed by 9 years of in field use and
experience, and the enhancements included in the version 3.4 allow GTA to
continue to offer exceptional price/performance to our customers."
GNAT Box System Software Version 3.4 began shipping on new units in North
America and Europe August 8, 2003, and will be introduced in Japan in
September 2003. It will be available at no charge to customers with a GTA
support contract or annual maintenance agreement, or who purchased a GTA
firewall on or after June 1, 2003. Other users should contact their local
GTA channel partner or email [EMAIL PROTECTED] for information and pricing of
upgrade options.
Michael Rhing
Global Technology Associates, Inc.
(Domestic) Tel: 1.800.775.4482 x1223
(Outside US) Tel: +1.407.380.0220 x1223
Fax: +1.407.380.6080
www.gta.com
--------------------------- RELEASE NOTES ----------------------------------
Title: GTA Firewall Systems Release Notes
Product: GNAT Box System Software version 3.4.0
Date: 1 August 2003
RELEASE NOTES HISTORY
These notes cover the latest patch release of GNAT Box System Software
version 3.4.0. Release notes for previous versions can be found at
GTA's website, www.gta.com.
-------------------------------------------------------------------------
UPGRADE NOTES
For more about upgrading, see individual product text files.
New Surf Sentinel Feature Activation Code
----
Before upgrading to version 3.4.0, Surf Sentinel customers upgrading from
a version previous to 3.3.4 must enter a new feature activation code to
accommodate Cerberian Web Filter version 2.0. The new code is available
in the GTA support center under View Registered Products. Delete the old
feature code, enter the new code and save, then upgrade the firewall.
Default SSL Encryption Settings
----
If upgrading from a version previous to 3.2.2, SSL will be disabled and the
default port set to 80. To enable SSL encryption, copy the current web
access Remote Access Filter, change the port on it to 443 and enable. Save
the section. Next, default and save the Authorization > Remote
Admin/Authentication function and save the section. This will enable all
encryption and change the server port to 443. Delete the old filter.
High Availability Names
----
Beginning in version 3.3, H2A systems began using Interface Object names
(HA-EXTERNAL, HA-PROTECTED), so GTA recommends changing references to HA
systems to reflect the new nomenclature.
Netscape/Mozilla
----
Version 3.4.0 installs a new default security certificate. Some browsers,
including Netscape and Mozilla, will not recognize the new certificate if
the original has never been replaced. If you are unable to log on to the
GTA Firewall after upgrading, delete the browser security certificate, then
exit and restart.
-------------------------------------------------------------------------
KNOWN ISSUES
Internet Explorer 5 for Macintosh
----
Internet Explorer 5 for Macintosh will not allow you to accept or install
the SSL security certificate. SSL must be disabled to use this combination.
Internet Explorer 5 Export Version, No Patch
----
The export version of IE 5 improperly implements SSL version 3.0, so to use
SSL 3.0, you must have installed the IE security patches.
Security Vulnerabilities in SSL Version 2.0
----
Due to security vulnerabilities in SSL 2.0, support for it has been
removed in GNAT Box System Software.
-------------------------------------------------------------------------
Release Notes include the following enhancement, modification and bug fix
sections:
1. SYSTEM SOFTWARE
2. SERVICES
3. CFG LIBRARY
4. ALL USER INTERFACES
5. GBADMIN (Windows Only)
6. WEB
7. CONSOLE
8. CONTENT FILTERING
9. INSTALLERS
10. GTASYSLOG
11. GBAUTH (Windows Only)
------------------------------------------------------------------------
1. SYSTEM SOFTWARE
1.1 Enhancements
1. Make NAT, IP Pass Through and VPNs inherit their logging and
priority settings from the filter that allowed them to be
created. GB340432
2. Add to transparent proxy the ability to return a block
message or redirect to a URL when blocking a user. GB340435
3. Add ability to require tunnel and filter authentication.
GB340436
4. Close connections that use a time-based filter at the stop
time set for the filter, if connection is still active.
GB340441
5. Log user, packets received (pkts_rcvd) and packets sent
(pkts_sent) when logging NAT, VPN and IP Pass Through closes.
GB340455
6. Allow TCP packets with ECN bits set. ECN is commonly used by
default on LINUX systems, but is non-standard, and so was
previously denied by GTA firewalls. GB340601
1.2 Modifications
1. Enhancements to system software have increased the size of the
runtime image, so remove support for the less-used functions
RIP and Gigabit from floppy-disk based products. GB340517
1.3 Bug Fixes
1. Non-HTTP services running on HTTP service ports (80 or 8080)
cannot be accessed using WWW proxy. GB340006
Resolution:
Pass unparseable connections to content filtering as type
unknown.
2. SERVICES
2.1 Enhancements
1. Add support for PPTP to PPP client. GB340457, GB340498
2. Simplify the use of VPN mobile protocol: mobile protocol will
be used only if "Force mobile protocol" is selected in the
VPN object. GB340540
3. Set 300 connection maximum on email proxy connections to
prevent excess memory use. GB340616
4. Add to SMTP proxy the ability to log to and from addresses,
and log reason for block, when rejecting email. GB340453
2.2 Modifications
NONE
2.3 Bug Fixes
1. IKE service exhausts memory when using RIP. GB340594
Resolution:
Remove routing memory leak from IKE daemon.
2. Primary domain name is not appended to hosts when using Ping
or Traceroute if using the DNS Proxy. GB340636
Resolution:
When using DNS Proxy, use primary domain, if specified.
3. CFG LIBRARY
3.1 Enhancements and Changes
1. Add ability to use wildcard character "*" when specifying DNS
hosts. GB340407
3.2 Modifications
1. Added verification for matching aliases to network information
screen networks when aliases specify a netmask and the alias is
on the same logical network as a primary address. GB340402
2. Add PPPoE interface information to the configuration report
network information section. GB340514
3.3 Bug Fixes
1. Number of VPN security associations for mobile users and
authorized VPNs is not directly verified. GB340538
Resolution:
Add verification check for number of security associations
being defined. Additionally, when configuring VPNs ignore
those that would cause system to exceed allowed security
associations.
4. ALL USER INTERFACES
4.1 Enhancements
1. Add ability to use objects for configuring a remote network
in Users Authorization. GB340012
2. Simplify VPN configuration under VPN Authorization. GB340470
3. Enhance inbound tunnel configuration by adding a description
field and an enable checkbox, similar to filter
configuration. GB340471
4. Add system activity report to display authenticated users.
GB340495
5. When updating a HA standby/slave firewall, preserve the
standby firewall's PPP configuration. GB34501
6. Change the Destination IP address for the Traditional Proxy
default filter to (previously, the default
destination IP address was 0.0.0.0/0>.)
GB340503
7. Add a system activity report to display the Active Hosts on
user-limited products. GB340521
8. Add filter preference options for logging tunnel opens,
closes, and filter blocks. GB340560
9. Simplify product activation by moving serial number to
Feature screen from Preferences/Contact Information screen.
GB340562
10. Revise Filter Preferences screen by removing old Default
Logging section options. GB340580
4.2 Modifications
1. As the WebSense service is no longer available, drop support
for WebSense service from all interfaces. GB340506
2. Simplify VPN by limiting supported encryption algorithms to
null, AES, blowfish, des, 3des and strong. Remove cast128 and
twofish. GB340522
3. Remote Logging fields functionality moved to Filter
Preferences; remove open, close, web priority fields. GB340554
4. Make WELF the only supported logging format. GB340712
4.3 Bug Fixes
1. Discrepancy in the Password field for Users authorization in
GBAdmin and the Web Interface. GB340577
Resolution:
Revised Password field to allow 127 characters.
2. Host name entry is limited to 19 characters. GB340406
Resolution:
Allow entry of host names up to 63 characters long.
5. GBADMIN (Windows Only)
5.1 Enhancements
1. Add support for SSL encryption and to create new SSL
certificates to GBAdmin. GB340437
2. Add the ability to generate a new SSL certificate to GBAdmin
under Remote Admin/Authentication. GB340450
3. Add option to view either summary or description to filter and
tunnel sets display: View > Descriptions to toggle on/off.
GB340483
4. Update GBAdmin Help files. GB340362
5.2 Modifications
NONE
5.3 Bug Fixes
1. The pager configuration under Filter Preferences does not
load nor save the configured speed setting correctly.
GB340600
Resolution:
System now reads and saves the pager speed correctly.
6. WEB
6.1 Enhancements and Changes
1. Add Help files. GB340xxx
6.2 Modifications
6.3 Bug Fixes
NONE
7. CONSOLE
7.1 Enhancements
7.2 Modifications
7.3 Bug Fixes
NONE
8. CONTENT FILTERING
8.1 Enhancements and Changes
1. Add support so that the Transparent Proxy filters when IP
Pass Through is used. GB340484
8.2 Modifications
1. Remove redundant category "Other." GB340610
8.3 Bug Fixes
1. The Transparent Proxy sends an incorrect TCP reset packet to
an External Web Server during a content filtering block.
GB340545
Resolution:
When sending reset to server, use correct IP addresses and
sequence numbers.
2. Adding a trailing dot to a URL (e.g., www.domain.com.) can
bypass content filtering. GB340735
Resolution:
Remove any trailing domain separators from domain names
before applying content filtering.
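
The trailing-dot fix in 8.3 item 2, illustrated as an added example (this is not GTA's code; the blocklist entries, function names and parent-domain matching are assumptions made for the illustration). It compares a lookup on the host string as received with a lookup made after trailing domain separators are removed:

```python
# Constructed sample blocklist; the domain names are placeholders.
BLOCKED_DOMAINS = {"blocked.example", "ads.example.net"}


def naive_is_blocked(host: str) -> bool:
    """Behaviour described in the bug report: match the host exactly as sent."""
    return host in BLOCKED_DOMAINS


def normalize_host(host: str) -> str:
    """Canonicalize a Host header value before any filtering decision."""
    host = host.strip().lower()
    if host.startswith("["):
        return host  # bracketed IPv6 literal, not a domain name
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name  # drop the :port suffix
    # "www.domain.com." and "www.domain.com" name the same DNS node, so
    # strip every trailing separator before the blocklist lookup.
    return host.rstrip(".")


def is_blocked(host: str) -> bool:
    """Match the normalized host and each parent domain (assumed policy)."""
    labels = normalize_host(host).split(".")
    return any(
        ".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels))
    )


if __name__ == "__main__":
    # Constructed Host header values.
    for sample in ("blocked.example", "blocked.example.",
                   "WWW.Blocked.Example.:8080", "allowed.example"):
        print(f"{sample!r:32} naive={naive_is_blocked(sample)!s:5} "
              f"normalized={is_blocked(sample)}")
```
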
9. INSTALLERS
9.1 Enhancements
9.2 Modifications
9.3 Bug Fixes
NONE
10. SYSLOG (Windows Only)
10.1 Enhancements and Changes
1. Syslog has been rewritten to run as a service; Syslog is now
named GTAsyslog. GB340442
10.2 Modifications
10.3 Bug Fixes
NONE
11. GBAUTH (Windows Only)
11.1 Enhancements and Changes
1. Add support for GBAuth utility to use SSL encryption.
GB340439
2. Add ability to log user's name when authenticated by GBAuth
utility. GB340444
11.2 Modifications
11.3 Bug Fixes
NONE
--------------------------------------------------------------------