[ This was posted to gta-announce the other day. I'm posting this to
gb-users due to popular request. If anyone has any comments, please send
them to me. -dsr]
GTA released GNAT Box System Software version 3.3.1 (version 3.3 patch
level 1) and version 3.2.6 (ver 3.2 patch level 6) on Oct. 18, 2002.
These patch level releases address items relating to potential
vulnerabilities identified in certain components utilized in GNAT Box
System Software. These vulnerabilities may cause GTA firewall systems or
optional features to function irregularly or crash. GTA recommends users
update their product with these patch level releases for improved
performance. (See included release notes.)
GNAT Box System Software version 3.3.1 also addresses items relating to
virtual cracks for gaming software, GBAdmin issues and default settings.
(See included release notes.)
GNAT Box System Software version 3.3.1 is available for download at the
GTA on-line support center at no charge for customers with GNAT Box System
Software version 3.3 or with a valid support contract.
GNAT Box System Software version 3.2.6 is available for download at the
GTA on-line support center at no charge for those customers who are
running GNAT Box System Software ver 3.2.x, and have not yet upgraded to
version 3.3.
Other users should contact GTA or their authorized GTA channel partner for
information on upgrading.
GTA will begin shipping products with GNAT Box System Software version
3.3.1 by October 21, 2002.
--------------------------------------------------------------------
Release331.txt
--------------------------------------------------------------------
Global Technology Associates, Inc.
Title: GTA Firewall Systems Release Notes
Product: GNAT Box System Software Version 3.3.1
Date: 17 October 2002
RELEASE NOTES HISTORY
These notes cover the latest release of GNAT Box System Software,
version 3.3.1. Release notes for previous versions can be found on
www.gta.com.
====================================================================
UPGRADES
! CAUTION: BACK UP YOUR CONFIGURATION BEFORE AN UPGRADE. !
--------------------------
SSL ENCRYPTION
---
Default SSL Settings
If you are upgrading from a version previous to 3.2.2, SSL will be
disabled and the default port will be set to 80. To enable SSL
encryption, first copy your current Remote Access Filter for web
access, change the port number to 443 and enable it without
disabling your old filter. Save the section. Next, default and save
the Remote Admin/Authentication function under Authorization and
save the section. This will enable all encryption and change the
server port to 443. Once SSL encryption is activated on port 443,
you can delete your old web access filter.
--------------------------
HIGH AVAILABILITY NAMES
---
H2A systems now use Interface Object names (default, HA-EXTERNAL,
HA-PROTECTED), so it may be helpful to change the references to your
HA systems to reflect the new nomenclature, especially in VPN
Objects and Remote Access Filters.
--------------------------
GB-100 UPGRADES
---
GB-100 directory parameters have been changed in the disk label to
free up space for the enhanced GNAT Box System Software version
3.3.1 runtime. Revising the disk label requires a destructive
installation of version 3.3.1 using GB-100 installation floppies.
! BACK UP YOUR CONFIGURATION --- DESTRUCTIVE !
! INSTALLATION OVERWRITES YOUR CONFIGURATION WITH FACTORY SETTINGS.!
--------------------------
NETWORK INTERFACE CARDS
---
See GTA's website at www.gta.com for an up-to-date list of
compatible NICs.
====================================================================
KNOWN BROWSER ISSUES
--------------------------
Internet Explorer 5 For Macintosh
---
Internet Explorer 5 browser for the Macintosh platform will not
allow you to accept or install the SSL security certificate. SSL
must be disabled to use this combination.
--------------------------
Internet Explorer 5 Export Version, No Patch
---
Because of security flaws in SSL version 2.0, GTA has removed SSL
2.0 support. IE 5 Export version improperly implements
SSL version 3.0; you must have installed the IE security patches in
order to use SSL 3.0 in GNAT Box System Software 3.3.1.
--------------------------
Netscape/Mozilla Browser Issues
---
If you are unable to log on to your GTA Firewall after upgrading,
delete the security certificate in your browser, then exit and
restart to restore access. Version 3.3.1 installs a new default
security certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new default if the original default
certificate has never been replaced.
====================================================================
Release Notes include the following sections:
1. SYSTEM SOFTWARE
1.1 Enhancements and Changes
1.2 Bug Fixes
2. SERVICES
2.1 Enhancements and Changes
2.2 Bug Fixes
3. ALL USER INTERFACES
3.1 Enhancements and Changes
3.2 Bug Fixes
4. GBADMIN (Windows Only)
4.1 Enhancements and Changes
4.2 Bug Fixes
5. WEB
5.1 Enhancements and Changes
5.2 Bug Fixes
6. CONSOLE
6.1 Enhancements and Changes
6.2 Bug Fixes
7. CONTENT FILTERING
7.1 Enhancements and Changes
7.2 Bug Fixes
8. VERIFICATION
8.1 Enhancements and Changes
8.2 Bug Fixes
9. SYSLOG
9.1 Enhancements and Changes
9.2 Bug Fixes
10. INSTALLERS
10.1 Enhancements and Changes
10.2 Bug Fixes
11. GBREPORTS
11.1 Enhancements and Changes
11.2 Bug Fixes
12. GBAUTH
12.1 Enhancements and Changes
12.2 Bug Fixes
13. GB-DBMAINT
13.1 Enhancements and Changes
13.2 Bug Fixes
--------------------------------------------------------------------
1. SYSTEM SOFTWARE
1.1 Enhancements and Changes
1. When using WELF, record packets sent and received. GB331285
Added feature to record packets sent and received when logging
in WELF. New log message fields are pkts_sent and pkts_rcvd.
2. Add log message stating that the firewall is active at
startup. GB331286
GNAT Box System Software now logs the startup of the firewall.
"GNAT Box active" is now the first message to appear in the log.
3. Removal of support for token-ring and gigabit in GB-100 product.
Due to size increases associated with enhancements and bug fixes,
support for token-ring and gigabit has been dropped from the GB-100
product.
1.2 Bug Fixes
1. Using games that access Blizzard's battle.net, XDM or CUSeeMe
through a GTA Firewall causes the system to crash
intermittently. GB3310273
Resolution:
Revised code to correctly set flag in virtual crack to be an IP
address and not an object.
2. Static Address Mappings that map local services to an alias
don't perform mapping for TCP services. GB331294
Resolution:
Static Address Mapping now works for TCP services.
3. Alarms and email notifications are sent for Doorknob Twists
even when the option is disabled. GB331028
Resolution:
Alarms and notifications are no longer generated by a Doorknob
Twist when the option is disabled.
4. Filter blocks always appear as the user facility in the log,
regardless of the Filter Facility set in the Remote Logging
section. GB331261
Resolution:
The Filter Facility set in Remote Logging now appears correctly
in the log.
5. Multiple PPPoE configurations sharing a single NIC do not
work properly if one is misconfigured. GB331291
Resolution:
Now, when a misconfigured PPPoE configuration shuts down, other
PPPoE connections on the same NIC continue to work properly.
6. Reading a configuration file under Windows 98 is very slow.
GB331311
Resolution:
Changed the file routines so that the system moves between
sections more rapidly.
7. CERT Vulnerability VU#459371 - Multiple IPsec implementations
do not adequately validate authentication data. GB331306
Resolution:
The IPSec code module now fully validates authentication data
for ESP packets.
8. The SNMP facility can be crashed if it attempts to process a
specially crafted packet. This issue potentially affects any GTA
firewall using the SNMP facility. GB331310
Resolution:
The SNMP facility now properly validates SNMP query packets.
2. SERVICES
2.1 Enhancements and Changes
1. Make ident service respond only to hosts that have
established TCP connections to or through the firewall.
GB331292
Allow connections to the ident service only for hosts that have
already established TCP connections to or through the GTA
Firewall.
2.2 Bug Fixes
1. When upgrading, if a tunnel has a source IP address that
matches an alias and the HA virtual IP address, the tunnel
will reference the HA object instead of the Alias object.
GB331263
Resolution:
The system now correctly references the selected alias object
when upgrading.
2. Console interface access is sometimes locked out after a
failed attacker identification attempt during an attack on
the Web interface. GB331269
Resolution:
An attack on the Web interface will no longer cause the Console
interface to lock out.
3. In Gateway Selector, if a PPP interface used as the primary
gateway fails to connect, the Gateway Selector will not
work. GB331301
Resolution:
Now the Gateway Selector will not assume that the primary
interface is working initially, therefore it will not get stuck
looking for a non-existent state change.
4. Interior routers cannot learn the default route. GB331308
Resolution:
Change the metric of RIP from 14 to 1, allowing interior routers
to learn the default route.
5. The SMTP proxy goes into a loop if an email destination
address contains the character "%", stopping when the process is
killed by an idle timeout after 120 seconds. GB331307
Resolution:
SMTP proxy now correctly validates domains delimited using the
"%" character.
6. The Gateway Selector fails to change to an alternate default
route in some cases in which "Ping secondary only if primary
down" is selected. GB331312
Resolution:
Change gateway selector logic not to assume that the primary
gateway is reachable when selector starts.
3. ALL USER INTERFACES
3.1 Enhancements and Changes
1. Make Stealth Mode the Default Factory Setting. GB331284
Made Stealth Mode the default factory setting for GNAT Box
System Software so that the External Interface does not respond
to pings or trace routes.
3.2 Bug Fixes
1. Time Groups cannot be made active from 11:50 pm to midnight
when creating a block that extends from one day to the next.
GB331213
Resolution:
"24:00" can now be used to indicate the end of the day.
2. Aliases have a default name, which is inconsistent with the
rest of the GNAT Box system. GB331272
Resolution:
Aliases now do not have a default name.
4. GBADMIN (Windows Only)
4.1 Enhancements and Changes
NONE
4.2 Bug Fixes
1. Resizing a GBAdmin list window with no entries (rows) causes
GBAdmin to crash. GB331257
Resolution:
Resizing an empty list window no longer crashes the interface.
2. Verification is not performed on a section until after the
section is saved. GB331252
Resolution:
Verification now occurs before saving a section; all validation
errors in the current section must be corrected before the
section can be saved.
3. Copy functions unavailable in View Log Messages list in
System Activity. GB331265
Resolution:
Copy and paste functions are now available in View Log Messages.
4. COM Port is being set incorrectly to COM0, causing PPP to
fail. GB331266
Resolution:
COM Port is now being set correctly.
5. In the VPN Objects section, HA interface names do not
display in the dropdown box for the Local Gateway. GB331270
Resolution:
HA Interface names now appear in the selection list for Local
Gateway.
6. When saving a configuration with GBAdmin 3.3.0, name fields
are truncated to 19 characters. This truncation can cause
data loss in multi-byte Asian strings. GB331275
Resolution:
Allow user to enter 19 visual characters, regardless of actual
string length.
7. Some grids use the Arial font. Kanji text converts to
nonsense when displayed in these grids. GB331282
Resolution:
Use system font for grid. The system font is capable of
displaying Kanji on Asian versions of Windows.
8. Vertical scroll bar is cropped on the right side of the
window when GBAdmin is resized to smallest horizontal width.
GB331259
Resolution:
Horizontal scroll bar now scrolls all the way from left to right
after resizing.
9. After deleting all VPN Objects and moving to another
section, VPN Object fields are not disabled (greyed out).
GB331262
Resolution:
VPN Object fields are now disabled (greyed out) after all
objects have been deleted.
10. In the Filters/Time Group section, selecting OK in the Time
Edit dialog does not close the dialog.
GB331264
Resolution:
Selecting the OK button now closes the Time Edit dialog box in
the Filters/Time Group section.
11. Resizing the Inbound Tunnels screen from small to large
creates a redraw problem on the right-hand side of the
screen. GB331267
Resolution:
Corrected redraw problem when resizing Inbound Tunnels screen.
12. COM4 is missing from the PPP COM Port selection dropdown box
in GB-Pro, GNAT Box Light, GNAT Box Demo, GB-Flash, and
GB-100. GB331274
Resolution:
Added COM Port 4 selection to the dropdown box in these
products.
13. In DHCP server, the user can add more than five exclusion
ranges. In addition, multiple rows cannot be deleted
properly. GB331288
Resolution:
Modified the code so that the correct number of rows can be
added, and multiple rows can be deleted properly.
14. GBAdmin prevents the user from creating a GNAT Box Floppy if
no runtime is loaded. GB331299
Resolution:
The user can now create a GNAT Box Floppy even if a runtime is
not loaded into GBAdmin. Now, when saving, GBAdmin will display
a warning that no runtime is loaded.
15. In Static Routes, any entered mask is lost. GB331300
Resolution:
Any entered mask now remains in network address field.
16. Selecting "Use old log format" in the Remote Logging section
does not work.
Resolution:
The "Use old log format" option in GBAdmin now functions
correctly.
5. WEB
5.1 Enhancements and Changes
NONE
5.2 Bug Fixes
1. Surf Sentinel category "Abortion Advocacy" missing from Web
interface. GB331258
Resolution:
Added missing category.
2. GB-Flash Serial console (SIO) version. Only the COM2
selection is available on the Web interface.
Resolution:
All available COM ports now appear on the Web interface in the
SIO version of GB-Flash.
6. CONSOLE
NONE
7. CONTENT FILTERING
7.1 Enhancements and Changes
NONE
7.2 Bug Fixes
1. Firewall logs http connections as "cat_site: Unknown" when
unable to determine categorization. GB331276
Resolution:
Log cat_site only when the category can be determined.
8. VERIFICATION
8.1 Enhancements and Changes
1. Verification does not catch case in which HA is disabled and
an HA interface object is referenced elsewhere in the
configuration. GB331303
Resolution:
If HA is disabled, and an HA interface object is used, the
system will now create a verification error message.
8.2 Bug Fixes
NONE
9. SYSLOG
9.1 Enhancements and Changes
NONE
9.2 Bug Fixes
1. The Syslog displays "unable to parse" pop-up error message
when the WELF parser encounters an unknown field. GB331293
Resolution:
Change syslog code to ignore unknown fields.
10. INSTALLERS
10.1 Enhancements and Changes
NONE
10.2 Bug Fixes
1. Custom install offers to create shortcuts to Syslog and
GBAdmin when these options have not been selected. GB331298
Resolution:
Installers now check for existing programs before offering to
create icons or shortcuts.
11. GBREPORTS
11.1 Enhancements and Changes
1. Add ability for GBReports to import logs in WebTrends'
syslog format. GB331304
GBReports is now able to import logs from third-party syslog
programs that use WebTrends syslog format.
11.2 Bug Fixes
NONE
12. GBAUTH
NONE
13. GB-DBMAINT
13.1 Enhancements and Changes
NONE
13.2 Bug Fixes
1. When Purge Old Records is selected and "Backup old records
first" is unchecked, GB-DBMaint.exe crashes because it
attempts to write to an unopened backup file. GB331271
Resolution:
The program no longer attempts to write to an unopened backup
file.
--------------------------------------------------------------------
Release326.txt
--------------------------------------------------------------------
Global Technology Associates, Inc.
Title: GTA Firewall Systems Release Notes
Product: GNAT Box System Software Version 3.2.6
Date: 17 October 2002
RELEASE NOTES HISTORY
These notes cover an incremental release of GNAT Box System
Software, version 3.2. Release notes for 3.2.5 and other versions
can be found on www.gta.com.
====================================================================
UPGRADES
! CAUTION: BACK UP YOUR CONFIGURATION BEFORE AN UPGRADE. !
--------------------------
SSL ENCRYPTION
---
Default SSL Settings
If you are upgrading from a version previous to 3.2.2, SSL will be
disabled and the default port will be set to 80. To enable SSL
encryption, first copy your current Remote Access Filter for web
access, change the port number to 443 and enable it without
disabling your old filter. Save the section. Next, default and save
the Remote Admin/Authentication function under Authorization and
save the section. This will enable all encryption and change the
server port to 443. Once SSL encryption is activated on port 443,
you can delete your old web access filter.
--------------------------
GB-100 UPGRADES
---
GB-100 directory parameters have been changed in the disk label to
free up space for the enhanced GNAT Box System Software runtime.
Revising the disk label requires a destructive installation using GB-100
installation floppies.
! BACK UP YOUR CONFIGURATION --- DESTRUCTIVE !
! INSTALLATION OVERWRITES YOUR CONFIGURATION WITH FACTORY SETTINGS.!
--------------------------
NETWORK INTERFACE CARDS
---
See GTA's website at www.gta.com for an up-to-date list of
compatible NICs.
====================================================================
KNOWN BROWSER ISSUES
--------------------------
Internet Explorer 5 For Macintosh
---
Internet Explorer 5 browser for the Macintosh platform will not
allow you to accept or install the SSL security certificate. SSL
must be disabled to use this combination.
====================================================================
Release Notes include the following sections with the subsection 1:
Enhancements and Changes, and subsection 2: Bug Fixes. "None" means
there are no issues in that subsection addressed in this release.
1. SYSTEM SOFTWARE
2. SERVICES
3. ALL USER INTERFACES
4. GBADMIN (Windows Only)
5. WEB
6. CONSOLE
7. CONTENT FILTERING
8. VERIFICATION
9. SYSLOG
10. INSTALLERS
11. GBREPORTS
12. GBAUTH
------------------------------------------------------------------
1. SYSTEM SOFTWARE
1.1 Enhancements and Changes
1. New BIND version.
DNS server updated to BIND version 8.3.3.
2. Removal of support for token-ring and gigabit in GB-100 product.
Due to size increases associated with enhancements and bug fixes,
support for token-ring and gigabit has been dropped from the GB-100
product.
1.2 Bug Fixes
1. CERT Vulnerability VU#459371 - Multiple IPsec implementations
do not adequately validate authentication data.
Resolution:
The IPSec code module now fully validates authentication data
for ESP packets.
2. The SNMP facility can be crashed if it attempts to process a
specially crafted packet. This issue potentially affects any GTA
firewall using the SNMP facility.
Resolution:
The SNMP facility now properly validates SNMP query packets.
2. SERVICES
NONE
3. ALL USER INTERFACES
NONE
4. GBADMIN (Windows Only)
NONE
5. WEB
NONE
6. CONSOLE
NONE
7. CONTENT FILTERING
NONE
8. VERIFICATION
NONE
9. SYSLOG
NONE
10. INSTALLERS
NONE
11. GBREPORTS
NONE
12. GBAUTH
NONE