[ This was posted to gta-announce the other day. I'm posting this to
gb-users due to popular request. If anyone has any comments, please send
them to me. -dsr]


GTA released GNAT Box System Software version 3.3.1 (version 3.3 patch
level 1) and version 3.2.6 (ver 3.2 patch level 6) on Oct. 18, 2002.

These patch level releases address items relating to potential
vulnerabilities identified in certain components utilized in GNAT Box
System Software. These vulnerabilities may cause GTA firewall systems or
optional features to function irregularly or crash.  GTA recommends users
update their product with these patch level release for improved
performance.  (See included release notes.)

GNAT Box System Software version 3.3.1 also addresses items relating to
virtual cracks for gaming software, GBAdmin issues and default settings.
(See included release notes.)

GNAT Box System Software version 3.3.1 is available for download at the
GTA on-line support center at no charge for customers with GNAT Box System
Software version 3.3 or with a valid support contract.

GNAT Box System Software version 3.2.6 is available for download at the
GTA on-line support center at no charge for those customers who are
running GNAT Box System Software ver 3.2.x, and have not yet upgraded to
version 3.3.

Other users should contact GTA or their authorized GTA channel partner for
information on upgrading.

GTA will begin shipping products with GNAT Box System Software version
3.3.1 by October 21, 2002.


--------------------------------------------------------------------
Release331.txt
--------------------------------------------------------------------

Global Technology Associates, Inc.

Title:    GTA Firewall Systems Release Notes
Product:  GNAT Box System Software Version 3.3.1
Date:     17 October 2002


RELEASE NOTES HISTORY

These notes cover the latest release of GNAT Box System Software,
version 3.3.1. Release notes for previous versions can be found on
www.gta.com.

====================================================================

                            UPGRADES

!      CAUTION: BACK UP YOUR CONFIGURATION BEFORE AN UPGRADE.      !

                    --------------------------

                         SSL ENCRYPTION
                              ---

                      Default SSL Settings

If you are upgrading from a version previous to 3.2.2, SSL will be
disabled and the default port will be set to 80. To enable SSL
encryption, first copy your current Remote Access Filter for web
access, change the port number to 443 and enable it without
disabling your old filter. Save the section. Next, default and save
the Remote Admin/Authentication function under Authorization and
save the section. This will enable all encryption and change the
server port to 443. Once SSL encryption is activated on port 443,
you can delete your old web access filter.

                    --------------------------

                     HIGH AVAILABILITY NAMES
                              ---

H2A systems now use Interface Object names (default, HA-EXTERNAL,
HA-PROTECTED), so it may be helpful to change the references to your
HA systems to reflect the new nomenclature, especially in VPN
Objects and Remote Access Filters.

                    --------------------------

                        GB-100 UPGRADES
                             ---

GB-100 directory parameters have been changed in the disk label to
free up space for the enhanced GNAT Box System Software version
3.3.1 runtime. Revising the disk label requires a destructive
installation of version 3.3.1 using GB-100 installation floppies.

!          BACK UP YOUR CONFIGURATION --- DESTRUCTIVE              !
! INSTALLATION OVERWRITES YOUR CONFIGURATION WITH FACTORY SETTINGS.!

                    --------------------------

                     NETWORK INTERFACE CARDS
                             ---

See GTA's website at www.gta.com for an up-to-date list of
compatible NICs.

====================================================================

                        KNOWN BROWSER ISSUES

                    --------------------------

                Internet Explorer 5 For Macintosh
                              ---

Internet Explorer 5 browser for the Macintosh platform will not
allow you to accept or install the SSL security certificate. SSL
must be disabled to use this combination.

                   --------------------------

            Internet Explorer 5 Export Version, No Patch
                              ---

Because of security flaws in SSL version 2.0, GTA has removed SSL
2.0 support. IE 5 Export version improperly implements
SSL version 3.0, you must have installed the IE security patches in
order to use SSL 3.0 in GNAT Box System Software 3.3.1.

                   --------------------------

                  Netscape/Mozilla Browser Issues
                               ---

If you are unable to log on to your GTA Firewall after upgrading,
delete the security certificate in your browser, then exit and
restart to restore access. Version 3.3.1 installs a new default
security certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new default if the original default
certificate has never been replaced.

====================================================================

Release Notes include the following sections:

1.  SYSTEM SOFTWARE
1.1 Enhancements and Changes
1.2 Bug Fixes

2.  SERVICES
2.1 Enhancements and Changes
2.2 Bug Fixes

3.  ALL USER INTERFACES
3.1 Enhancements and Changes
3.2 Bug Fixes

4.  GBADMIN (Windows Only)
4.1 Enhancements and Changes
4.2 Bug Fixes

5.  WEB
5.1 Enhancements and Changes
5.2 Bug Fixes

6.  CONSOLE
6.1 Enhancements and Changes
6.2 Bug Fixes

7.  CONTENT FILTERING
7.1 Enhancements and Changes
7.2 Bug Fixes

8.  VERIFICATION
8.1 Enhancements and Changes
8.2 Bug Fixes

9.  SYSLOG
9.1 Enhancements and Changes
9.2 Bug Fixes

10.  INSTALLERS
10.1 Enhancements and Changes
10.2 Bug Fixes

11.  GBREPORTS
11.1 Enhancements and Changes
11.2 Bug Fixes

12.  GBAUTH
12.1 Enhancements and Changes
12.2 Bug Fixes

13.  GB-DBMAINT
13.1 Enhancements and Changes
13.2 Bug Fixes


--------------------------------------------------------------------

1.  SYSTEM SOFTWARE
1.1 Enhancements and Changes

    1.  When using WELF, record packets sent and received. GB331285

    Added feature to record packets sent and received when logging
    in WELF. New log message fields are pkts_sent and pkts_rcvd.

    2.  Add log message stating that the firewall is active at
        startup. GB331286

    GNAT Box System Software now logs the startup of the firewall.
    "GNAT Box active" is now the first message to appear in the log.

    3.  Removal of support for token-ring and gigabit in GB-100 product.

    Due to size increases associated with enhancements and bug fixes,
    support for token-ring and gigabit has been dropped from the GB-100
    product.

1.2 Bug Fixes

    1.  Using games that access Blizzard's battle.net, XDM or CUSeeMe
        through a GTA Firewall causes the system to crash
        intermittently. GB3310273

    Resolution:
    Revised code to correctly set flag in virtual crack to be an IP
    address and not an object.

    2.  Static Address Mappings that map local services to an alias
        don't perform mapping for TCP services. GB331294

    Resolution:
    Static Address Mapping now works for TCP services.

    3.  Alarms and email notifications are sent for Doorknob Twists
    even when the option is disabled. GB331028

    Resolution:
    Alarms and notifications are no longer generated by a Doorknob
    Twist when the option is disabled.

    4.  Filter blocks always appear as the user facility in the log,
        regardless of the Filter Facility set in the Remote Logging
        section. GB331261

    Resolution:
    The Filter Facility set in Remote Logging now appears correctly
    in the log.

    5.  Multiple PPPoE configurations sharing a single NIC do not
        work properly if one is misconfigured. GB331291

    Resolution:
    Now, when a misconfigured PPPoE configuration shuts down, other
    PPPoE connections on the same NIC continue to work properly.

    6.  Reading a configuration file under Windows 98 is very slow.
        GB331311

    Resolution:
    Changed the file routines so that the system moves between
    sections more rapidly.

    7.  CERT Vulnerability VU#459371 - Multiple IPsec implementations
          do not adequately validate authentication data. GB331306

    Resolution:
    The IPSec code module now fully validates authentication data
    for ESP packets.

    8.  The SNMP facility can be crashed if it attempts to process a
        specially crafted packet. This issue potentially affects any GTA
        firewall using the SNMP facility. GB331310

    Resolution:
    The SNMP facility now properly validates SNMP query packets.



2.  SERVICES
2.1 Enhancements and Changes

    1.  Make ident service respond only to hosts that have
        established TCP connections to or through the firewall.
        GB331292

    Allow connections to the ident service only for hosts that have
    already established TCP connections to or through the GTA
    Firewall.


2.2 Bug Fixes

    1.  When upgrading, if a tunnel has a source IP address that
        matches an alias and the HA virtual IP address, the tunnel
        will reference the HA object instead of the Alias object.
        GB331263

    Resolution:
    The system now correctly references the selected alias object
    when upgrading.

    2.  Console interface access is sometimes locked out after a
        failed attacker identification attempt during an attack on
        the Web interface. GB331269

    Resolution:
    An attack on the Web interface will no longer cause the Console
    interface to lock out.

    3.  In Gateway Selector, if a PPP interface used as the primary
        gateway fails to connect, the Gateway Selector will not
        work. GB331301

    Resolution:
    Now the Gateway Selector will not assume that the primary
    interface is working initially, therefore it will not get stuck
    looking for a non-existent state change.

    4.  Interior routers cannot learn the default route. GB331308

    Resolution:
    Change the metric of RIP from 14 to 1, allowing interior routers
    to learn the default route.

    5.  The SMTP proxy goes into a loop if an email destination
    address contains the character "%," stopping when the process is
    killed by an idle timeout after 120 seconds. GB331307

    Resolution:
    SMTP proxy now correctly validates domains delimited using the
    "%" character.

    6.  The Gateway Selector fails to change to an alternate default
        route in some cases in which "Ping secondary only if primary
        down" is selected. GB331312

    Resolution:
    Change gateway selector logic not to assume that the primary
    gateway is reachable when selector starts.


3.  ALL USER INTERFACES
3.1 Enhancements and Changes

    1.  Make Stealth Mode the Default Factory Setting. GB331284

    Made Stealth Mode the default factory setting for GNAT Box
    System Software so that the External Interface does not respond
    to pings or trace routes.


3.2 Bug Fixes

    1.  Time Groups cannot be made active from 11:50 pm to midnight
        when creating a block that extends from one day to the next.
        GB331213

    Resolution:
    "24:00" can now be used to indicate the end of the day.

    2.  Aliases have a default name, which is inconsistent with the
        rest of the GNAT Box system. GB331272

    Resolution:
    Aliases now do not have a default name.


4.  GBADMIN (Windows Only)
4.1 Enhancements and Changes

    NONE

4.2 Bug Fixes

    1.  Resizing a GBAdmin list window with no entries (rows) causes
        GBAdmin to crash. GB331257

    Resolution:
    Resizing an empty list window no longer crashes the interface.

    2.  Verification is not performed on a section until after the
        section is saved. GB331252

    Resolution:
    Verification now occurs before saving a section; all validation
    errors in the current section must be corrected before the
    section can be saved.

    3.  Copy functions unavailable in View Log Messages list in
        System Activity. GB331265

    Resolution:
    Copy and paste functions are now available in View Log Messages.

    4.  COM Port is being set incorrectly to COM0, causing PPP to
        fail. GB331266

    Resolution:
    COM Port is now being set correctly.

    5.  In the VPN Objects section, HA interface names do not
        display in the dropdown box for the Local Gateway. GB331270

    Resolution:
    HA Interface names now appear in the selection list for Local
    Gateway.

    6.  When saving a configuration with GBAdmin 3.3.0, name fields
        are truncated to 19 characters. This truncation can cause
        data loss in multi-byte Asian strings. GB331275

    Resolution:
    Allow user to enter 19 visual characters, regardless of actual
    string length.

    7.  Some grids use the Arial font. Kanji text converts to
        nonsense when displayed in these grids. GB331282

    Resolution:
    Use system font for grid. The system font is capable of
    displaying Kanji on Asian versions of Windows.

    8.  Vertical scroll bar is cropped on the right side of the
        window when GBAdmin is resized to smallest horizontal width.
        GB331259

    Resolution:
    Horizontal scroll bar now scrolls all the way from left to right
    after resizing.

    9.  After deleting all VPN Objects and moving to another
        section, VPN Object fields are not disabled (greyed out).
        GB331262

    Resolution:
    VPN Object fields are now disabled (greyed out) after all
    objects have been deleted.

    10. In the Filters/Time Group section, selecting OK in the Time
        Edit Dialog dialog does not close the Time Edit dialog.
        GB331264

    Resolution:
    Selecting the OK button now closes the Time Edit dialog box in
    the Filters/Time Group section.

    11. Resizing the Inbound Tunnels screen from small to large
        creates a redraw problem on the right-hand side of the
        screen. GB331267

    Resolution:
    Corrected redraw problem when resizing Inbound Tunnels screen.

    12. COM4 is missing from the PPP COM Port selection dropdown box
        in GB-Pro, GNAT Box Light, GNAT Box Demo, GB-Flash, and
        GB-100. GB331274

    Resolution:
    Added COM Port 4 selection to the dropdown box in these
    products.

    13. In DHCP server, the user can add more than five exclusion
        ranges. In addtion, multiple rows cannot be deleted
        properly. GB331288

    Resolution:
    Modified the code so that the correct number of rows can be
    added, and multiple rows can be deleted properly.

    14. GBAdmin prevents the user from creating a GNAT Box Floppy if
        no runtime is loaded. GB331299

    Resolution:
    The user can now create a GNAT Box Floppy even if a runtime is
    not loaded into GBAdmin. Now, when saving, GBAdmin will display
    a warning that no runtime is loaded.

    15. In Static Routes, any entered mask is lost. GB331300

    Resolution:
    Any entered mask now remains in network address field.

    16. Selecting "Use old log format" in the Remote Logging section
        does not work.

    Resolution:
    The "Use old log format" option in GBAdmin now functions
    correctly.


5.  WEB
5.1 Enhancements and Changes

    NONE

5.2 Bug Fixes

    1.  Surf Sentinel category "Abortion Advocacy" missing from Web
        interface. GB331258

    Resolution:
    Added missing category.

    2.  GB-Flash Serial console (SIO) version. Only the COM2
        selection is available on the Web interface.

    Resolution:
    All available COM ports now appear on the Web interface in the
    SIO version of GB-Flash.


6.  CONSOLE

    NONE


7.  CONTENT FILTERING
7.1 Enhancements and Changes

    NONE

7.2 Bug Fixes

    1.  Firewall logs http connections as "cat_site: Unknown" when
        unable to determine categorization. GB331276

    Resolution:
    Log cat_site only when the category can be determined.


8.  VERIFICATION
8.1 Enhancements and Changes

    1.  Verification does not catch case in which HA is disabled and
        an HA interface object is referenced elsewhere in the
        configuration. GB331303

    Resolution:
    If HA is disabled, and an HA interface object is used, the
    system will now create a verification error message.

8.2 Bug Fixes

    NONE


9.  SYSLOG
9.1 Enhancements and Changes

    NONE

9.2 Bug Fixes

    1.  The Syslog displays "unable to parse" pop-up error message
        when the WELF parser encounters an unknown field. GB331293

    Resolution:
    Change syslog code to ignore unknown fields.


10.  INSTALLERS
10.1 Enhancements and Changes

    NONE

10.2 Bug Fixes

    1.  Custom install offers to create shortcuts to Syslog and
        GBAdmin when these options have not been selected. GB331298

    Resolution:
    Installers now check for existing programs before offering to
    create icons or shortcuts.


11. GBREPORTS
11.1 Enhancements and Changes

    1.  Add ability for GBReports to import logs in WebTrends'
        syslog format. GB331304

    GBReports is now able to import logs from third-party syslog
    programs that use WebTrends syslog format.


11.2 Bug Fixes

    NONE


12.  GBAUTH

    NONE


13.  GB-DBMAINT
13.1 Enhancements and Changes

    NONE

13.2 Bug Fixes

    1.  When Purge Old Records is selected and "Backup old records
        first" is unchecked, GB-DBMaint.exe crashes because it
        attempts to write to an unopened backup file. GB331271

    Resolution:
    The program no longer attempts to write to an unopened backup
    file.




--------------------------------------------------------------------
Release326.txt
--------------------------------------------------------------------

Global Technology Associates, Inc.

Title:    GTA Firewall Systems Release Notes
Product:  GNAT Box System Software Version 3.2.6
Date:     17 October 2002


RELEASE NOTES HISTORY

These notes cover an incremental release of GNAT Box System
Software, version 3.2. Release notes for 3.2.5 and other versions
can be found on www.gta.com.

====================================================================

                            UPGRADES

!      CAUTION: BACK UP YOUR CONFIGURATION BEFORE AN UPGRADE.      !

                    --------------------------

                         SSL ENCRYPTION
                              ---

                      Default SSL Settings

If you are upgrading from a version previous to 3.2.2, SSL will be
disabled and the default port will be set to 80. To enable SSL
encryption, first copy your current Remote Access Filter for web
access, change the port number to 443 and enable it without
disabling your old filter. Save the section. Next, default and save
the Remote Admin/Authentication function under Authorization and
save the section. This will enable all encryption and change the
server port to 443. Once SSL encryption is activated on port 443,
you can delete your old web access filter.

                    --------------------------

                        GB-100 UPGRADES
                             ---

GB-100 directory parameters have been changed in the disk label to
free up space for the enhanced GNAT Box System Software runtime.
Revising the disk label requires a destructive installation using GB-100
installation floppies.

!          BACK UP YOUR CONFIGURATION --- DESTRUCTIVE              !
! INSTALLATION OVERWRITES YOUR CONFIGURATION WITH FACTORY SETTINGS.!

                    --------------------------

                     NETWORK INTERFACE CARDS
                             ---

See GTA's website at www.gta.com for an up-to-date list of
compatible NICs.

====================================================================

                        KNOWN BROWSER ISSUES

                    --------------------------

                Internet Explorer 5 For Macintosh
                              ---

Internet Explorer 5 browser for the Macintosh platform will not
allow you to accept or install the SSL security certificate. SSL
must be disabled to use this combination.

====================================================================

Release Notes include the following sections with the subsection 1:
Enhancements and Changes, and subsection 2: Bug Fixes. "None" means
there are no issues in that subsection addressed in this release.

1.  SYSTEM SOFTWARE

2.  SERVICES

3.  ALL USER INTERFACES

4.  GBADMIN (Windows Only)

5.  WEB

6.  CONSOLE

7.  CONTENT FILTERING

8.  VERIFICATION

9.  SYSLOG

10.  INSTALLERS

11.  GBREPORTS

12.  GBAUTH

------------------------------------------------------------------

1.  SYSTEM SOFTWARE
1.1 Enhancements and Changes

    1.  New BIND version.

    DNS server updated to BIND version 8.3.3.

    2.  Removal of support for token-ring and gigabit in GB-100 product.

    Due to size increases associated with enhancements and bug fixes,
    support for token-ring and gigabit has been dropped from the GB-100
    product.

1.2 Bug Fixes

    1.  CERT Vulnerability VU#459371 - Multiple IPsec implementations
        do not adequately validate authentication data.

    Resolution:
    The IPSec code module now fully validates authentication data
    for ESP packets.

    2.  The SNMP facility can be crashed if it attempts to process a
        specially crafted packet. This issue potentially affects any GTA
        firewall using the SNMP facility.

    Resolution:
    The SNMP facility now properly validates SNMP query packets.


2.  SERVICES

    NONE


3.  ALL USER INTERFACES

    NONE


4.  GBADMIN (Windows Only)

    NONE


5.  WEB

    NONE


6.  CONSOLE

    NONE


7.  CONTENT FILTERING

    NONE


8.  VERIFICATION

    NONE


9.  SYSLOG

    NONE


10.  INSTALLERS

    NONE


11. GBREPORTS

    NONE


12.  GBAUTH

    NONE

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
 e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
 http://www.mail-archive.com/gb-users@;gta.com

Reply via email to