Version 3.2.2 of the GNAT Box system software has been released.
You can download the software from the GTA online Support Center,
which can be accessed at this URL:
https://www.gta.com/support/logon.php
Here are the release notes for version 3.2.2:
Global Technology Associates, Inc.
Title: GNAT Box Firewall System Release Notes
Product: GNAT Box System Software Version 3.2.2
Date: 18 December 2001
-- Important Note --
SSL Encryption
Default Mode
GNAT Box System Software 3.2.2 defaults to use SSL Encryption for the
Web interface. If you are installing or using the software for the
first time, SSL will be on. If you default your system after
installing version 3.2.2, SSL will turn on.
Microsoft Internet Explorer 5 for Macintosh incompatibility
For most browser/OS combinations, you will be able to use the Web
interface with no changes to the SSL encryption. However, if you are
using Internet Explorer 5 for Macintosh, the browser will not allow
you to accept or install the Security Certificate and go to the GTA
Firewall. To use Internet Explorer 5 for Macintosh, you must turn off
SSL Encryption. See the Addendum for more information.
Microsoft Internet Explorer 5 Export version SSL 3.0
Microsoft Internet Explorer 5 Export version (40-bit) on Windows 98
and NT implements SSL 3.0 improperly. To use SSL encryption with this
browser, you must disable SSL 3.0 so that the system defaults to
SSL 2.0.
To disable SSL 3.0: In the browser, under Tools/Internet Options,
click the Advanced tab. Move down to the Security section and uncheck
"Use SSL 3.0," then click OK.
-------------------------------------------------------------------------------
These Release Notes include the following sections:
1. System Software
1.1 Enhancements and Changes
1.2 Bug Fixes
2. Services
2.1 Enhancements and Changes
2.2 Bug Fixes
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
3.2 Bug Fixes
4. GBAdmin User Interface
4.1 Enhancements and Changes
4.2 Bug Fixes
5. Console User Interface
5.1 Enhancements and Changes
5.2 Bug Fixes
6. Web Browser Interface
6.1 Enhancements and Changes
6.2 Bug Fixes
7. Verification
7.1 Enhancements and Changes
7.2 Bug Fixes
8. Syslogger
8.1 Enhancements and Changes
8.2 Bug Fixes
9. Installers
9.1 Enhancements and Changes
9.2 Bug Fixes
-------------------------------------------------------------------------------
1. System Software
1.1 Enhancements and Changes
1. Performance enhancement for how interfaces are tracked in filters, anti-
spoofing and IP pass through.
1.2 Bug Fixes
1. Using a modem for serial console can keep a GB-1000 from booting due to
output from modem.
Resolution: Ignore all input while booting.
2. ICMP based traceroute dropping every other packet. ICMP tunnels being
viewed as reserved port connections. This causes tunnel to close
immediately without waiting for close timeout to be reached.
Resolution: Change processing of ICMP messages to not close the
tunnel for ICMP time exceeded messages.
3. GB-100 runtime image too large to add desired enhancements.
Resolution: Reduce console interface.
4. TTL value for inbound tunnels not being decremented.
Resolution: Make inbound tunnels decrement TTL value before forwarding
packet to end of tunnel.
5. Multiple ISAKMP connections from behind a GNAT Box not working
simultaneously.
Resolution: Use both port (500) and destination address when verifying
that connection is unique.
6. When there are multiple connections to the internet, packets can arrive
on a different interface than expected by spoof checks.
Resolution: Make spoof checker ignore spoofs that arrive on an
external interface and the return interface is also an external
interface.
7. Serial interface locked at 19200 on GB-25 even using PPP.
Resolution: Don't lock speed of serial console on GB-25.
8. When using IP pass through, virtual cracks are not opened correctly for
all FTP cases.
Resolution: Make inbound non-passive FTP and outbound passive FTP use
correct source port when opening virtual crack.
2. Services
2.1 Enhancements and Changes
1. Add user section for capturing information about mobile VPN users.
2. Introduce VPN objects that simplify the specification of VPNs.
3. Update DNS server to BIND version 8.2.5.
4. Introduce optional out-of-band VPN Client authentication. (GBAuth. See
VPN Client User's Guide and gbauth.txt for more information.)
2.2 Bug Fixes
1. Many users are entering incorrect static routes needed for the
gateway selector to function correctly.
Resolution: When pinging a beacon, make gateway selector send packet
via associated gateway.
2. The orbs blackhole list has closed down.
Resolution: Replace it with ordb (http://www.ordb.org).
3. The mail-abuse blackhole lists are now pay subscription based.
Resolution: Disable mail-abuse list by default and replace
dialups.mail-abuse.org with inputs.orbz.org.
4. HA option uses the same virtual address on all interfaces. In
recommended configurations, this did not cause a problem, but users
who plugged different interfaces into the same switch had problems.
Resolution: Add interface number to virtual MAC address so that each
interface has a unique virtual MAC address.
5. CyberNOT sometimes "hangs," continuously updating with a
"lock exists" message.
Resolution: Add timeout to exit CyberNOT update after a certain
period and then retry.
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
1. Add default address object containing all protected networks.
2. Change how IP address/mask combinations are entered. Old format used two
fields, one for address and one for mask. New format uses a single
field. Examples are:
   Example                        Description
   192.168.13.1                   Host
   192.168.13.0/24                Number of bits
   192.168.13.0/255.255.255.0     Mask
   192.168.13.0-192.168.13.255    Range
3. Add interface and alias names as valid objects to remote access filters
and address objects.
4. Combine remote access filters allowing access to RMC and WWW admin
services into a single filter.
5. Change VRID number range in H2A feature from 1-255 to 0-15. Only
applicable to GB-1000 and GB-1000+.
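The single-field formats in item 2 above, as an added example (not GTA code and not part of the original release notes): a Python parser that normalizes each of the four forms to a first/last address pair, so equivalent filter entries compare equal. The function names, the rejection of wildcard masks and the refusal of host bits below the mask are assumptions of this sketch, not documented GNAT Box behavior.

```python
import ipaddress

def mask_to_prefix(mask):
    """Convert a dotted netmask to a prefix length; reject anything else."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A real netmask inverts to 2**k - 1. This also rejects wildcard (host)
    # masks such as 0.0.0.255, which the ipaddress module would otherwise
    # accept and treat as /24.
    if inverted & (inverted + 1):
        raise ValueError(f"not a contiguous netmask: {mask!r}")
    return 32 - inverted.bit_length()

def parse_address_field(text):
    """Return (first, last) IPv4Address covered by one single-field entry."""
    text = text.strip()
    if "-" in text:                                   # Range
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {text!r}")
        return lo, hi
    if "/" in text:                                   # Number of bits, or Mask
        addr, suffix = text.split("/", 1)
        prefix = mask_to_prefix(suffix) if "." in suffix else int(suffix)
        # strict=True refuses host bits below the mask (192.168.13.1/24): an
        # assumption made here so a typo cannot silently widen a filter.
        net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=True)
        return net.network_address, net.broadcast_address
    host = ipaddress.IPv4Address(text)                # Host
    return host, host

def is_valid(text):
    """True if the entry parses; every rejection above is a ValueError."""
    try:
        parse_address_field(text)
        return True
    except ValueError:
        return False

# Constructed sample input: the four forms from the table, then bad entries.
SAMPLES = ["192.168.13.1", "192.168.13.0/24", "192.168.13.0/255.255.255.0",
           "192.168.13.0-192.168.13.255", "192.168.13.0/0.0.0.255",
           "192.168.13.0/255.0.255.0", "192.168.13.1/24"]

if __name__ == "__main__":
    for entry in SAMPLES:
        if is_valid(entry):
            first, last = parse_address_field(entry)
            print(f"{entry:30} {first} .. {last}")
        else:
            print(f"{entry:30} rejected")
```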
3.2 Bug Fixes
1. Requests have been made to make default pass thru filters for VPNs
enabled by default.
Resolution: Enable default pass thru filters created for VPNs
and Users.
4. GBAdmin User Interface
4.1 Enhancements and Changes
1. Added a progress dialog for runtime updates.
2. Added a check for the proper version when loading the runtime from floppy.
If the version loaded from the floppy is not compatible with the
current version of GBAdmin the runtime will be discarded. The
configuration information will still be loaded.
3. You can now edit the NIC properties on the NetInfo screen.
4. Simplify interface by removing features not available on the selected
product.
4.2 Bug Fixes
1. When using a manual VPN the mask for the remote address keeps going to
255.255.255.255
Resolution: The mask code for mobile VPN was applied to the manual VPN,
causing the mask to change.
2. When cutting/pasting into the VPN screen, the underlying data pointers
would eventually reference the wrong data item.
Resolution: Updated the way that the index for the underlying data was
calculated.
3. If you are online to a GNAT Box and you use "Save As" from the file menu,
the title will change from the IP address to the name of the new file,
but you are still online with the GNAT Box.
Resolution: Changed "File/Save As" to "File/Save Copy As". This will
save a copy of the current configuration to the selected file and
leave the current active file alone.
4. In the address objects if you try to nest address objects you will get a
random IP address instead.
Resolution: The bit that indicates the address object is an address
object not an address was not getting set.
5. When merging a configuration into a loaded system, the network interfaces
are set to "???" because the logical interfaces need to be matched up
with the physical interfaces. The status indicator is green, which
indicates a valid configuration. If you save the configuration at this
time, the system will no longer be able to communicate.
Resolution: Blocked saving the configuration if any of the logical
interfaces have a NIC of "???". Also forced validation of the tree
after the merge operation, which causes the status indicator to turn
red.
6. GBAdmin would set the communication port for the pager to the wrong value.
Resolution: GBAdmin will now set the communication port for the pager
to the proper value.
7. You could enter a blank password using spaces.
Resolution: No longer allow the user to enter a password of all spaces.
8. On the alias screen, if you click on the gray area below the grid, then
hit enter, the grid will disappear.
Resolution: An IDOK message was being sent and processed by the default
CDialog. Added redundant OnOK message process to correct. Problem also
corrected in Passwords screen.
9. If you have ten addresses (the maximum) in the first address object in
the list, no address objects can be added to any other address objects.
Resolution: Directed the code to count the items in the current
address object.
5. Console User Interface
5.1 Enhancements and Changes
None
5.2 Bug Fixes
None
6. Web Browser Interface
6.1 Enhancements and Changes
1. Move MAC address to second column on network information screen to make
it consistent with GBAdmin and Console.
2. Add SSL support to GB-1000, GB-Flash and RoBoX.
7. Verification
7.1 Enhancements and Changes
None
7.2 Bug Fixes
None
8. Syslogger
8.1 Enhancements and Changes
1. Change default configuration to 20 files each with a maximum
of 500Kb.
8.2 Bug Fixes
None
9. Installers
9.1 Enhancements and Changes
1. All installers install with a version number so that multiple
versions can be installed on the same PC.
9.2 Bug Fixes
None
--
----------------------------------------------------------------------------
Paul Emerson Tel: +1.407.380.0220 x1106
Global Technology Associates, Inc. Fax: +1.407.380.6080
3505 Lake Lynda Drive Mobile: +1.407.310.8563
Suite 109 Email: [EMAIL PROTECTED]
Orlando, Florida 32817 USA Web: http://www.gta.com
Mobile Email: [EMAIL PROTECTED]
----------------------------------------------------------------------------