GNAT Box System Software ver 3.2, patch level 4 will be available for
download through GTA's on-line support center effective Tuesday, Feb 19,
2002. This update is available free of charge to registered users of GNAT
Box System Software 3.2.x. Those users with earlier versions of GNAT Box
System Software will need to purchase an upgrade contract to take advantage
of these product enhancements.
This new version incorporates activation code changes for the RoBoX product
to support future product enhancements, and several patches to address the
reported instances as listed below:
RoBoX configuration options have been modified through the addition of two
new feature codes: a VPN activation code and a user license feature code.
These feature codes are necessary for future product plans for the RoBoX
family of products. Feature codes are accessible through the on-line
support center.
IMPORTANT: Existing RoBoX owners will need to enter both these codes when
they update their system software in order to maintain VPN functionality and
their 25-user license. Users who upgrade to version 3.2 patch level 4
without entering these activation codes will lose both their VPN
functionality and their 25-user license.
RoBoX users who have purchased and activated additional mobile VPN clients
will only need the 25-user license code. They will not have to update their
current VPN activation code to maintain VPN functionality.
Patch fixes:
Inbound FTP tunnels sometimes fail when accessed from a client using
non-passive mode. Direction for virtual crack associated with PORT command
was changed correctly in version 3.2.3. However, the adjustment for length
changes was changing the sequence instead of the acknowledge portion of the
TCP header.
Configuring HA with HA disabled causes the configuration to reset to non-HA
state when saving.
When doing state transition, HA always attempted to set the default route.
This caused a problem with dynamic protocols such as PPPoE and DHCP.
Saving an IP host address as xxx.xxx.xxx.xxx/255.255.255.255 becomes
xxx.xxx.xxx.xxx/32. Saving IP host address xxx.xxx.xxx.xxx/32 becomes
xxx.xxx.xxx.xxx.
When merging a configuration into an online config, the NIC names in the
Interfaces get overwritten with "???".
See release notes below for more detail.
------------------------------------------------------
Global Technology Associates, Inc.
Title: GNAT Box Firewall System Release Notes
Product: GNAT Box System Software Version 3.2.4
Date: 12 February 2002
--Notes--
Release Notes History
These release notes cover the latest incremental release of GNAT
Box, version 3.2.4. Some users may not have installed version
3.2.2 and 3.2.3, therefore release notes from those versions are
appended to the end of this file.
-------------------------------------------------------------------
NEW CODES REQUIRED FOR UPGRADE
! RoBoX configuration options have been modified through the
! addition of two new feature codes: a VPN activation code and
! a user license feature code. Feature codes are accessible
! through the on-line support center.
!
! Existing RoBoX owners will need to enter these codes when they
! update their system software in order to maintain VPN
! functionality and their 25-user license.
! RoBoX users with existing mobile VPN clients will only need
! the 25-user license code. They will not have to update their
! current VPN activation code to maintain VPN functionality.
-------------------------------------------------------------------
Release Notes include the following sections:
1. System Software
1.1 Enhancements and Changes
1.2 Bug Fixes
2. Services
2.1 Enhancements and Changes
2.2 Bug Fixes
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
3.2 Bug Fixes
4. GBAdmin User Interface
4.1 Enhancements and Changes
4.2 Bug Fixes
5. Console User Interface
5.1 Enhancements and Changes
5.2 Bug Fixes
6. Web Browser Interface
6.1 Enhancements and Changes
6.2 Bug Fixes
7. Verification
7.1 Enhancements and Changes
7.2 Bug Fixes
8. Syslogger
8.1 Enhancements and Changes
8.2 Bug Fixes
9. Installers
9.1 Enhancements and Changes
9.2 Bug Fixes
10. GBReports
10.1 Enhancements and Changes
10.2 Bug Fixes
-------------------------------------------------------------------
1. System Software
1.1 Enhancements and Changes
None
1.2 Bug Fixes
1. Inbound FTP tunnels sometimes fail when accessed from a
client using non-passive mode. Direction for virtual crack
associated with PORT command was changed correctly to
outbound in version 3.2.3. However, the adjustment for
length changes was changing the sequence instead of the
acknowledge portion of the TCP header.
Resolution: Adjustment for length changes was corrected to
change the acknowledge portion of the TCP header.
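The sequence/acknowledge distinction in this fix, shown as an added Python sketch (not GTA's code). The class, method names, addresses and sequence numbers are constructed for illustration; it assumes the firewall rewrites the address inside a PORT command and ignores 32-bit wraparound when comparing positions.

```python
import re

MOD = 2 ** 32  # size of the TCP sequence space
PORT_RE = re.compile(rb"^PORT \d+,\d+,\d+,\d+,\d+,\d+\r\n$")


def rewrite_port(payload, new_ip, new_port):
    """Return the PORT command rewritten to new_ip:new_port, else payload as-is."""
    if not PORT_RE.match(payload):
        return payload
    host = new_ip.replace(".", ",").encode()
    return b"PORT %s,%d,%d\r\n" % (host, new_port >> 8, new_port & 0xFF)


class ControlChannelFixup:
    """Hypothetical per-connection state for the direction that carries PORT."""

    def __init__(self, new_ip, new_port):
        self.new_ip, self.new_port = new_ip, new_port
        self.shifts = []  # (original seq where a shift starts, cumulative delta)

    def _delta_at(self, pos, translated):
        # Cumulative length change in effect at stream position pos.
        delta = 0
        for start, cum in self.shifts:
            if pos >= (start + cum if translated else start):
                delta = cum
        return delta

    def from_sender(self, seq, ack, payload):
        """Segment from the side that sends PORT: fix SEQ, rewrite payload."""
        new_payload = rewrite_port(payload, self.new_ip, self.new_port)
        new_seq = (seq + self._delta_at(seq, False)) % MOD
        grew = len(new_payload) - len(payload)
        if grew:
            prev = self.shifts[-1][1] if self.shifts else 0
            self.shifts.append((seq + len(payload), prev + grew))
        return new_seq, ack, new_payload

    def from_peer(self, seq, ack, buggy=False):
        """Segment going back to the sender: only ACK refers to shifted bytes."""
        delta = self._delta_at(ack, True)
        if buggy:  # the defect described above: SEQ adjusted, ACK left alone
            return (seq - delta) % MOD, ack
        return seq, (ack - delta) % MOD


if __name__ == "__main__":
    fx = ControlChannelFixup("203.0.113.5", 40000)   # constructed address
    cmd = b"PORT 192,168,1,10,4,1\r\n"               # constructed command
    seq, ack, out = fx.from_sender(1000, 5000, cmd)
    print("forwarded:", seq, out)
    print("fixed ACK back to sender:", fx.from_peer(5000, seq + len(out)))
    print("buggy ACK back to sender:", fx.from_peer(5000, seq + len(out), True))
```

With the buggy path the sender receives an acknowledgement for bytes it never sent, which it discards, so the control connection stalls after the PORT command.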
2. Services
2.1 Enhancements and Changes
None
2.2 Bug Fixes
1. Configuring HA with HA disabled causes the configuration to
reset to non-HA state when saving.
Resolution: Only reset to non-HA state if HA was previously
enabled.
2. When doing state transition, HA always attempted to set the
default route. This caused a problem with dynamic protocols
such as PPPoE and DHCP.
Resolution: If no default route is specified, HA does not
reset when doing HA state transition.
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
None
3.2 Bug Fixes
1. Saving an IP host address as xxx.xxx.xxx.xxx/255.255.255.255
becomes xxx.xxx.xxx.xxx/32. Saving IP host address
xxx.xxx.xxx.xxx/32 becomes xxx.xxx.xxx.xxx.
Resolution: Make IP host address
xxx.xxx.xxx.xxx/255.255.255.255 become IP host address
xxx.xxx.xxx.xxx when saving.
4. GBAdmin User Interface
4.1 Enhancements and Changes
None
4.2 Bug Fixes
1. When merging a configuration into an online config, the NIC
names in the Interfaces get overwritten with "???".
Resolution: When online and merging in a config, check the
NIC name in the interface for a match in the NICs. If a
match is found, then leave the NIC name in the Interface.
Otherwise, change the NIC name to "???".
2. Problem: After performing a merge to a system online, you
could no longer save just a section; so, if you wanted to
copy over only a specific section, such as DNS services, you
would have to enter the information by hand.
Resolution: When merging while online, an internal status
flag determines whether you are using a network
configuration. When merging while online, the Net flag is
set.
3. Problem: In the DNS Server, when adding a subnet, the new
entry was always inserted under the first subnet, which is
at the top of the list.
Resolution: Changed to insert the new subnet at the end of
the list to match other sections and interfaces.
Console
WWW
Verification
Syslogger
Installers
GBReports
-------------------------------------------------------------------
-------------------------------------------------------------------
******************************************
Release Notes History
******************************************
Global Technology Associates, Inc.
Title: GNAT Box Firewall System Release Notes
Product: GNAT Box System Software Version 3.2.3
Date: 18 January 2002
--Notes--
Release Notes History
These release notes cover the latest incremental release of GNAT
Box, version 3.2.3. Some users may not have installed version
3.2.2, therefore the version 3.2.2 release notes are appended at
the end of this file.
-------------------------------------------------------------------
These Release Notes include the following sections:
1. System Software
1.1 Enhancements and Changes
1.2 Bug Fixes
2. Services
2.1 Enhancements and Changes
2.2 Bug Fixes
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
3.2 Bug Fixes
4. GBAdmin User Interface
4.1 Enhancements and Changes
4.2 Bug Fixes
5. Console User Interface
5.1 Enhancements and Changes
5.2 Bug Fixes
6. Web Browser Interface
6.1 Enhancements and Changes
6.2 Bug Fixes
7. Verification
7.1 Enhancements and Changes
7.2 Bug Fixes
8. Syslogger
8.1 Enhancements and Changes
8.2 Bug Fixes
9. Installers
9.1 Enhancements and Changes
9.2 Bug Fixes
10. GBReports
10.1 Enhancements and Changes
10.2 Bug Fixes
-------------------------------------------------------------------
1. System Software
1.1 Enhancements and Changes
None
1.2 Bug Fixes
1. When checking for port in use, the NATed IP address was not
being consulted. Thus, even if static outbound mappings are
being used, only one IKE session could be going
to the same remote VPN gateway.
Resolution: Use NATed IP address from outbound mapping
when checking for port utilization.
2. Services
2.1 Enhancements and Changes
1. Change phase II lifetime from 10 minutes to 15 minutes when
using mobile protocol.
2.2 Bug Fixes
None
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
None
3.2 Bug Fixes
1. Force mobile protocol always selected by default for
MOBILE VPN object. This caused maximum phase II lifetime to
be 10 minutes for VPN clients.
Resolution: Deselect force mobile protocol by default.
4. GBAdmin User Interface
4.1 Enhancements and Changes
1. Added the ability to sort the grids by column for the grids
on the following screens:
* Inbound Tunnels
* Static Routes
Double-click the column to sort.
2. Updated Help files.
4.2 Bug Fixes
1. When merging into a configuration, the original feature
codes and serial number are preserved during the merge by
keeping a copy of the old values. However, when merging into
a floppy built with the MakeFloppy.exe program, the feature
codes and serial number are saved as blanks from the floppy
so the restored fields are blank.
Resolution: If the saved feature codes or serial number
fields are empty, there is no attempt to restore them.
2. The progress bar is not being displayed when loading only
the runtime from a floppy.
Resolution: Display the progress bar when loading a
runtime only.
3. Changing from PPP to an IP address does not let you edit the
IP address unless you change sections and come back.
Resolution: When changing the interface from PPP to
something else the read only and enabled properties were
not being updated.
4. It is possible to add more than the maximum allowed number
of users and VPN objects.
Resolution: Add limit for inserting USERS and VPN Objects.
5. It is possible to add an unlimited number of DNS hosts in
the DNS Server Screen.
Resolution: Added limit for number of DNS hosts in the DNS
Server screen.
6. It is possible to add an unlimited number of DNS Domains
and Networks in the DNS Server Screen.
Resolution: Added limit for number of DNS Domains and
Networks in the DNS Server screen.
7. If you double-click on the toolbar to move it, GBAdmin
will crash with a divide by 0 error. It also does not draw
the grid properly.
Resolution: There was a problem in the OnSize for the grids.
The height of a row was being reported incorrectly as 0. It
now gets the correct height even if there are no rows.
8. When merging in a configuration from an older system, 3.2.1
or earlier: if the external interface is named anything
other than "EXTERNAL", the local gateway and local network
do not get converted properly.
Resolution: When doing the merge the local gateway was being
set to "EXTERNAL". Now we look for the IP address that was in
the old config and use the name for that interface if found.
If the interface is not found then we search for the first
external interface and use the name of that interface.
9. When upgrading the GNAT Box Pro system, the user loses the
local network and gateway in the VPN Objects section if the
gateway's logical name was other than "EXTERNAL."
Resolution: GBAdmin looks for the IP address of the VPN's
gateway from the old configuration. If this is not available,
GBAdmin uses the logical name of the first External Interface.
10. New default "Protected Networks Object" is being written over
in the 3.2.2 upgrade process, causing the new default VPN Objects
to be incorrect.
Resolution: When upgrading a configuration, the default
Address Objects are restored to the configuration.
5. Console User Interface
5.1 Enhancements and Changes
None
5.2 Bug Fixes
None
6. Web Browser Interface
6.1 Enhancements and Changes
None
6.2 Bug Fixes
1. Upload configuration not working.
Resolution: Make code use interface configuration load
routine correctly.
7. Verification
7.1 Enhancements and Changes
None
7.2 Bug Fixes
1. On the VPN Object screen, if an object that doesn't exist is
used for a network entry, it is not flagged by the
validation routine.
Resolution: Added code to catch the case of the object not
existing for a network entry on the VPN Object screen.
2. When using a filter to allow access to an inbound tunnel,
and the filter's destination object uses an interface object,
you get a warning verification message that says, "tunnel is
denied by all remote access filters."
Resolution: Have tunnel verification code check object names
against interface and alias names in addition to
address objects.
8. Syslogger
8.1 Enhancements and Changes
None
8.2 Bug Fixes
1. If window is smaller than number of rows to display, the
window doesn't correctly scroll to the bottom when inserting
a new message.
Resolution: Change display to use descending order (newest
to oldest).
9. Installers
9.1 Enhancements and Changes
None
9.2 Bug Fixes
None
10. GBReports
10.1 Enhancements and Changes
None
10.2 Bug Fixes
1. Unable to execute on Windows NT systems.
Resolution: Modified to execute on Windows NT systems.
-------------------------------------------------------------------
-------------------------------------------------------------------
Global Technology Associates, Inc.
Title: GNAT Box Firewall System Release Notes
Product: GNAT Box System Software Version 3.2.2
Date: 04 January 2002
--Notes--
SSL Encryption
Default
GNAT Box System Software 3.2.2 defaults to use SSL Encryption for
the Web interface. If you are installing or using the software for
the first time, SSL will be on. If you default your system after
installing version 3.2.2, SSL will turn on.
Microsoft Internet Explorer 5 for Macintosh incompatibility
For most browser/OS combinations, you will be able to use the Web
interface with no changes to the SSL encryption. However, if you
are using Internet Explorer 5 for Macintosh, the browser will not
allow you to accept or install the Security Certificate and go to
the GTA Firewall. To use Internet Explorer 5 for Macintosh, you
must turn off SSL Encryption. See Addendum for more information.
Microsoft Internet Explorer 5 Export version SSL 3.0
Microsoft Internet Explorer 5 Export version (40-bit) with
Windows 98, NT improperly implements SSL 3.0, therefore you must
disable SSL 3.0 so that the system will default to SSL 2.0 in
order to use SSL encryption.
To disable SSL 3.0: In the browser, under Tools/Internet Options,
click the Advanced tab. Move down to the Security section and
uncheck "Use SSL 3.0," then click OK.
-------------------------------------------------------------------
These Release Notes include the following sections:
1. System Software
1.1 Enhancements and Changes
1.2 Bug Fixes
2. Services
2.1 Enhancements and Changes
2.2 Bug Fixes
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
3.2 Bug Fixes
4. GBAdmin User Interface
4.1 Enhancements and Changes
4.2 Bug Fixes
5. Console User Interface
5.1 Enhancements and Changes
5.2 Bug Fixes
6. Web Browser Interface
6.1 Enhancements and Changes
6.2 Bug Fixes
7. Verification
7.1 Enhancements and Changes
7.2 Bug Fixes
8. Syslogger
8.1 Enhancements and Changes
8.2 Bug Fixes
9. Installers
9.1 Enhancements and Changes
9.2 Bug Fixes
-------------------------------------------------------------------
1. System Software
1.1 Enhancements and Changes
1. Performance enhancement for how interfaces are tracked in
filters, anti-spoofing and IP pass through.
1.2 Bug Fixes
1. Using a modem for serial console can keep a GB-1000 from
booting due to output from modem.
Resolution: Ignore all input while booting.
2. ICMP based traceroute dropping every other packet. ICMP
tunnels being viewed as reserved port connections. This
causes tunnel to close immediately without waiting for close
timeout to be reached.
Resolution: Change processing of ICMP messages to not close
the tunnel for ICMP time exceeded messages.
3. GB-100, GNAT Box Pro, GNAT Box Light and GNAT Box Demo
runtime image too large to add desired enhancements.
Resolution: Reduce console interface on these products.
4. TTL value for inbound tunnels not being decremented.
Resolution: Make inbound tunnels decrement TTL value before
forwarding packet to end of tunnel.
5. Multiple ISAKMP connections from behind a GNAT Box not working
simultaneously.
Resolution: Use both port (500) and destination address when
verifying that connection is unique.
6. When there are multiple connections to the internet, packets
can arrive on a different interface than expected by spoof
checks.
Resolution: Make spoof checker ignore spoofs that arrive on
an external interface and the return interface is also an
external interface.
7. Serial interface locked at 19200 on GB-25 even using PPP.
Resolution: Don't lock speed of serial console on GB-25.
8. When using IP pass through, virtual cracks were not opened
correctly for all FTP cases.
Resolution: Make inbound non-passive FTP and outbound passive
FTP use correct source port when opening virtual crack.
2. Services
2.1 Enhancements and Changes
1. Add user section for capturing information about mobile VPN
users.
2. Introduce VPN objects that simplify the specification of VPNs.
3. Update DNS server to BIND version 8.2.5.
4. Introduce optional out-of-band VPN Client authentication.
(GBAuth. See VPN Client User's Guide and gbauth.txt for more
information.)
2.2 Bug Fixes
1. Many users are entering incorrect static routes needed for the
gateway selector to function correctly.
Resolution: When pinging a beacon, make gateway selector send
packet via associated gateway.
2. The orbs blackhole list has closed down.
Resolution: Replace it with ordb (http://www.ordb.org).
3. The mail-abuse blackhole lists are now pay subscription based.
Resolution: Disable mail-abuse list by default and replace
dialups.mail-abuse.org with inputs.orbz.org.
4. HA option uses the same virtual address on all interfaces. In
recommended configurations, this did not cause a problem, but
users who plugged different interfaces into the same switch had
problems.
Resolution: Add interface number to virtual MAC address so
that each interface has a unique virtual MAC address.
5. CyberNOT sometimes "hangs," continuously updating with a
"lock exists" message.
Resolution: Add timeout to exit CyberNOT update after a
certain period and then retry.
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
1. Add default address object containing all protected networks.
2. Change how IP address/mask combinations are entered. Old
format used two fields, one for address and one for mask. New
format uses a single field. Examples are:
Example                      Description
192.168.13.1                 Host
192.168.13.0/24              Number of bits
192.168.13.0/255.255.255.0   Mask
192.168.13.0-192.168.13.255  Range
3. Add interface and alias names as valid objects to remote
access filters and address objects.
4. Combine remote access filters allowing access to RMC and WWW
admin services into a single filter.
5. Change VRID number range in H2A feature from 1-255 to 0-15.
Only applicable to GB-1000 and GB-1000+.
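A parser for the four single-field formats listed in item 2 above, including the host normalization described in the 3.2.4 fix (a /32 or /255.255.255.255 suffix saves as a bare host address). This is an added example, not GTA's code: the function names are hypothetical, and rejecting wildcard-style masks and entries with host bits set, as well as printing masks as bit counts, are assumptions of this sketch rather than documented product behaviour.

```python
import ipaddress


def prefix_from_mask(mask):
    """Dotted mask -> prefix length; rejects non-contiguous and wildcard masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # inverted must look like 0..01..1
        raise ValueError("not a contiguous netmask: " + mask)
    return 32 - inverted.bit_length()


def parse_entry(text):
    """Return (canonical text, first address, last address) as strings."""
    text = text.strip()
    if "-" in text:  # range form: first-last
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError("range is reversed: " + text)
        return "%s-%s" % (lo, hi), str(lo), str(hi)
    addr, slash, suffix = text.partition("/")
    ip = ipaddress.IPv4Address(addr)
    if slash:
        prefix = int(suffix) if suffix.isdigit() else prefix_from_mask(suffix)
        if prefix != 32:
            # Strict parsing: an address with host bits set under the mask
            # raises ValueError instead of being silently widened.
            net = ipaddress.IPv4Network("%s/%d" % (ip, prefix))
            return str(net), str(net[0]), str(net[-1])
    # Bare host, /32 and /255.255.255.255 all save as the plain address.
    return str(ip), str(ip), str(ip)


if __name__ == "__main__":
    samples = (  # constructed inputs based on the examples in the table
        "192.168.13.1",
        "192.168.13.1/32",
        "192.168.13.1/255.255.255.255",
        "192.168.13.0/24",
        "192.168.13.0/255.255.255.0",
        "192.168.13.0-192.168.13.255",
    )
    for sample in samples:
        print("%-30s -> %s" % (sample, parse_entry(sample)))
```

Comparing the first and last addresses rather than the text lets a rule review spot entries written in different formats that cover the same hosts.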
3.2 Bug Fixes
1. Requests have been made to make default pass thru filters for
VPNs enabled by default.
Resolution: Enable default pass thru filters created for VPNs
and Users.
4. GBAdmin User Interface
4.1 Enhancements and Changes
1. Added a progress dialog for runtime updates.
2. Added a check for the proper version when loading the runtime
from floppy. If the version loaded from the floppy is not
compatible with the current version of GBAdmin the runtime
will be discarded. The configuration information will still
be loaded.
3. You can now edit the NIC properties on the NetInfo screen.
4. Simplify interface by removing features not available on the
selected product.
4.2 Bug Fixes
1. When using a manual VPN the mask for the remote address keeps
going to 255.255.255.255
Resolution: The mask code for mobile VPN was applied to the
manual VPN, causing the mask to change.
2. When cutting/pasting into the VPN screen, the underlying data
pointers would eventually be referencing the wrong data item.
Resolution: Updated the way that the index for the underlying
data was calculated.
3. If you are online to a GNAT Box and you use "Save As" from
the file menu, the title will change from the IP address to
the name of the new file, but you are still online with
the GNAT Box.
Resolution: Changed "File/Save As" to "File/Save Copy As".
This will save a copy of the current configuration to the
selected file and leave the current active file alone.
4. In the address objects if you try to nest address objects you
will get a random IP address instead.
Resolution: The bit that indicates the address object is
an address object not an address was not getting set.
5. When merging a configuration into a loaded system, the
network interfaces are set to "???" because the logical
interfaces need to be matched up with the physical interfaces.
The status indicator is green which indicates a valid
configuration. If you save the configuration at this time
the system will no longer be able to communicate.
Resolution: Blocked saving the configuration if any of the
logical interfaces have a NIC of "???". Also forced validation
of the tree after the merge operation, which causes the status
indicator to turn red.
6. GBAdmin would set the communication port for the pager to the
wrong value.
Resolution: GBAdmin will now set the communication port for
the pager to the proper value.
7. You could enter a blank password using spaces.
Resolution: No longer allow the user to enter a password of
all spaces.
8. On the alias screen if you click on the gray area below the
grid, then hit enter, the grid will disappear.
Resolution: An IDOK message was being sent and processed by
the default CDialog. Added redundant OnOK message process to
correct. Problem also corrected in Passwords screen.
9. If you have ten addresses (the maximum) in the first address
object in the list, no address objects can be added to any
other address objects.
Resolution: Directed the code to count the items in the
current address object.
10. When deleting VPN objects, Users or VPNs, the item above
would be deleted.
Resolution: Repair an internal index that was off by 1.
11. If the last column of a grid was clicked and the scroll bar
was up, the whole grid would shift to the left by one column.
Resolution: Make sure the grid window is large enough for
the scroll bar.
12. If filters are cut and pasted, they do not display correctly.
Resolution: Repair an errant copy constructor for the
filter items.
5. Console User Interface
5.1 Enhancements and Changes
None
5.2 Bug Fixes
None
6. Web Browser Interface
6.1 Enhancements and Changes
1. Move MAC address to second column on network information
screen to make it consistent with GBAdmin and Console.
2. Add SSL support to GB-1000, GB-Flash and RoBoX.
7. Verification
7.1 Enhancements and Changes
None
7.2 Bug Fixes
None
8. Syslogger
8.1 Enhancements and Changes
1. Change default configuration to 20 files each with a maximum
of 500Kb.
8.2 Bug Fixes
None.
9. Installers
9.1 Enhancements and Changes
1. All installers install with a version number so that multiple
versions can be installed on the same PC.
9.2 Bug Fixes
None
---------------------------------------------------------------------