GTA released GNAT Box System Software ver 3.3 patch level 2 (ver 3.3.2) on
November 21, 2002. This patch release contains minor functionality
enhancements and addresses several issues that have been identified since
the release of ver 3.3.1. See included release notes.
GNAT Box System Software ver. 3.3 patch level 2 will be available for
download through the GTA on-line support center and will shipped
preinstalled on new products by November 22, 2002. Customers whose
firewalls are currently registered through GTA's on-line support center
and have version 3.3.x or have a current support contract, may download
the latest update at no charge. Other customers must purchase either a
single version upgrade or support contract to be upgrade to version 3.3.2.
GTA also released GNAT Box System Software ver 3.2 patch level 7. This
version incorporates BIND 8.3.4. Customers who are currently running GNAT
Box System Software ver 3.2.x, who do not wish to upgrade to ver 3.3.x are
encouraged to download the latest version. Customers who are running GNAT
Box System Software prior to ver 3.2.x, may purchase a single version
upgrade or support contract to upgrade to ver 3.3, patch level 2.
--------------------------------------------------------------------
Release332.txt
--------------------------------------------------------------------
Global Technology Associates, Inc.
Title: GTA Firewall Systems Release Notes
Product: GNAT Box System Software Version 3.3.2
Date: 19 November 2002
RELEASE NOTES HISTORY
These notes cover the latest patch release of GNAT Box System Software,
version 3.3.2. Release notes for previous versions can be found on GTA's
website at www.gta.com.
==========================================================================
UPGRADES
! CAUTION: BACK UP YOUR CONFIGURATION BEFORE AN UPGRADE. !
----------------------------------
SSL ENCRYPTION
----
Default SSL Settings
If you are upgrading from a version previous to 3.2.2, SSL will be
disabled and the default port will be set to 80. To enable SSL encryption,
first copy your current Remote Access Filter for web access, change the
port number to 443 and enable it without disabling your old filter. Save
the section. Next, default and save the Remote Admin/Authentication
function under Authorization and save the section. This will enable all
encryption and change the server port to 443. Once SSL encryption is
activated on port 443, you can delete your old web access filter.
----------------------------------
HIGH AVAILABILITY NAMES
----
Starting with version 3.3, H2A systems began using Interface Object names
(default, HA-EXTERNAL, HA-PROTECTED), so it is recommended that you change
the references to your HA systems to reflect the new nomenclature,
especially in VPN Objects and Remote Access Filters.
----------------------------------
GB-100 UPGRADES
----
In version 3.3, GB-100 directory parameters were changed in the disk label
to free up space for the enhanced GNAT Box System Software runtime. When
upgrading from a version prior to 3.3, revising the disk label requires a
destructive installation using GB-100 installation floppies.
! BACK UP YOUR CONFIGURATION --- DESTRUCTIVE !
! INSTALLATION OVERWRITES YOUR CONFIGURATION WITH FACTORY SETTINGS. !
----------------------------------
NETWORK INTERFACE CARDS
----
See GTA's website at http://www.gta.com/tech/hardware.php for a list of
compatible NICs for GB-Pro, GB-Flash, GNAT Box Light and GNAT Box Demo.
==========================================================================
KNOWN BROWSER ISSUES
----------------------------------
Internet Explorer 5 For Macintosh
----
Internet Explorer 5 browser for the Macintosh platform will not allow you
to accept or install the SSL security certificate. SSL must be disabled to
use this combination.
----------------------------------
Internet Explorer 5 Export Version, No Patch
----
Because of security flaws in SSL version 2.0, GTA has removed SSL 2.0
support. IE 5 Export version improperly implements SSL version 3.0, so in
order to use SSL 3.0 with GNAT Box System Software 3.3.x, you must have
installed the IE security patches.
----------------------------------
Netscape/Mozilla Browser Issues
----
If you are unable to log on to your GTA Firewall after upgrading, delete
the security certificate in your browser, then exit and restart to restore
access. Version 3.3.2 installs a new default security certificate. Some
browsers, including Netscape and Mozilla, will not recognize the new
default if the original default certificate has never been replaced.
==========================================================================
Release Notes include sections on enhancements and bug fixes for the
following topics:
1. SYSTEM SOFTWARE
2. SERVICES
3. ALL USER INTERFACES
4. GBADMIN (Windows Only)
5. WEB
6. CONSOLE
7. CONTENT FILTERING
8. VERIFICATION
9. SYSLOG (Windows Only)
10. INSTALLERS
11. GBREPORTS (Windows Only)
12. GBAUTH (Windows Only)
13. GB-DBMAINT (Windows Only)
--------------------------------------------------------------------
1. SYSTEM SOFTWARE
1.1 Enhancements and Changes
NONE
1.2 Bug Fixes
1. Access of an inbound tunnel whose destination is port 80 or 8080
is being logged as if the access was to an external web site.
GB332317
Resolution:
Apply "log web pages accessed" only to outbound http connections.
2. Under high load the "em" gigabit driver is exhausting memory.
GB332327
Resolution:
Prevent memory loss in "em" driver.
3. Email proxy logs in WELF even when "Old log format" is selected in
the Remote Logging section. GB332337
Resolution:
Make the email proxy use the old log format when that option is
selected.
4. System does not recognize gigabit network interface cards that use
the "nge" driver. GB332344
Resolution:
System now can use the "nge" network device.
2. SERVICES
2.1 Enhancements and Changes
1. Add to email proxy the ability to record SMTP "To" and "From"
addresses. GB332346
As email is received, add X-From and X-To entries to the email
header.
2.2 Bug Fixes
1. DNS server does not start properly if one of the host names listed
is incorrect. GB332320
Resolution:
Add verification code to catch invalid domain and host names, and
ignore invalid domains and host names when generating DNS
configuration files.
2. DNS server does not resolve IP addresses to names without a subnet
entry. GB332322
Resolution:
Correctly calculate default netmask when building reverse DNS
filename.
3. PPP aliases do not work correctly. GB332325
Resolution:
Change system so that a host route for PPP aliases is not
installed.
4. If mutiple PPPoE connections are using a single NIC, and one of
the connections goes down, the other PPPoE connection sometimes
goes down as well. GB332326
Resolution:
When shutting down a connection, change system to correctly detect
that another PPPoE connection is still using the NIC.
5. Services sometimes do not work when route to internet is PPPoE or
DHCP. GB332335
Resolution:
Make services restart when PPP or DHCP negotiates a new address.
6. A VPN that uses HMAC-SHA2 as the Phase II hash algorithm
does not function. GB332318
Resolution:
Add logic to enable the IKE service to configure SHA2
authentication.
7. VPNs default to the primary IP address when originating a
connection. GB332350
Resolution:
Make VPNs use defined local gateway when they originate a VPN
connection instead of defaulting to the primary IP address.
8. BIND version 8.3.3 allows a buffer overflow in DNS server.
GB332352
Resolution:
Upgrade DNS server to BIND 8.3.4.
9. DNS Server does not always work when using subnets. GB332353
Resolution:
Add logic to ensure that if a netmask is specified, the system
will not try to calculate the netmask.
3. ALL USER INTERFACES
3.1 Enhancements and Changes
1. Add options for "Deny fragmented packets," "Unexpected packets,"
"Invalid packets" and "Automatic filters" to Filter Preferences.
GB332324
Add Filter Preferences options to:
- deny and log fragmented packets;
- log unexpected packets;
- log invalid packets; and
- disable and log automatic filters.
3.2 Bug Fixes
NONE
4. GBADMIN (Windows Only)
4.1 Enhancements and Changes
NONE
4.2 Bug Fixes
1. If the PPP section is selected twice, the next time the Network
Information screen is selected, GBAdmin sometimes crashes.
GB332315
Resolution:
GBAdmin no longer crashes when the PPP section is selected twice.
2. GB-Pro, GNAT Box Light and GNAT Box Demo display links to
online documentation for features that are not valid for each
respective product. GB332336
Resolution:
Remove NTP and Content Filtering links.
3. If new PPP configuration information is entered in the PPP
section, but not saved, and then the section is selected again
the new configuration data disappears. GB332341
Resolution:
Page is refreshed, instead of reloaded, when the section is
selected again from the menu.
5. WEB
5.1 Enhancements and Changes
5.2 Bug Fixes
NONE
6. CONSOLE
6.1 Enhancements and Changes
6.2 Bug Fixes
NONE
7. CONTENT FILTERING
7.1 Enhancements and Changes
1. Match Surf Sentinel categories to Cerberian's "Potential Liable &
Objectionable Content" categories. GB332340
Make defaults for Surf Sentinel's deny categories match
Cerberian's "Potential Liable & Objectionable Content" categories.
7.2 Bug Fixes
NONE
8. VERIFICATION
8.1 Enhancements and Changes
8.2 Bug Fixes
NONE
9. SYSLOG (Windows Only)
9.1 Enhancements and Changes
9.2 Bug Fixes
NONE
10. INSTALLERS
10.1 Enhancements and Changes
10.2 Bug Fixes
1. GBReports installer overwrites the file 'my.cnf' if MySQL was
previously installed. GB332314
Resolution:
If MySQL is already installed, the GBReports installer will use
the existing MySQL instead of overwriting it with a new copy.
11. GBREPORTS (Windows Only)
11.1 Enhancements and Changes
1. Add date and time constraints to reports and charts. GB332343
GBReports now allows users to select the date and time range for
which reports and charts will be generated.
2. Use GB-DBMaint utility if it exists. GB332351
If GBReports can find the GB-DBMaint utility it will execute it,
otherwise it will revert to its original behavior, i.e. a dialog
box asking the user for a date and time.
Two situations will invoke this new behavior:
1. Select 'File/Database Maintenance' from the menu
2. Select 'File/Import Log Files' from the menu, then click 'yes'
to clear old log data.
11.2 Bug Fixes
1. When using old logging format, www log messages are not being
parsed correctly. GB332319
Resolution:
Added logic to properly parse www log messages in old logging
format.
12. GBAUTH (Windows Only)
12.1 Enhancements and Changes
12.2 Bug Fixes
NONE
13. GB-DBMAINT (Windows Only)
13.1 Enhancements and Changes
13.2 Bug Fixes
NONE
--------------------------------------------------------------------
--------------------------------------------------------------------
Release327.txt
--------------------------------------------------------------------
Global Technology Associates, Inc.
Title: GTA Firewall Systems Release Notes
Product: GNAT Box System Software Version 3.2.7
Date: 19 November 2002
RELEASE NOTES HISTORY
These notes cover an incremental release of GNAT Box System Software.
Release notes for 3.2.6 and other versions can be found on www.gta.com.
====================================================================
UPGRADES
! CAUTION: BACK UP YOUR CONFIGURATION BEFORE AN UPGRADE. !
--------------------------
SSL ENCRYPTION
---
Default SSL Settings
If you are upgrading from a version previous to 3.2.2, SSL will be
disabled and the default port will be set to 80. To enable SSL
encryption, first copy your current Remote Access Filter for web
access, change the port number to 443 and enable it without
disabling your old filter. Save the section. Next, default and save
the Remote Admin/Authentication function under Authorization and
save the section. This will enable all encryption and change the
server port to 443. Once SSL encryption is activated on port 443,
you can delete your old web access filter.
--------------------------
GB-100 UPGRADES
---
GB-100 directory parameters have been changed in the disk label to
free up space for the enhanced GNAT Box System Software runtime.
Revising the disk label requires a destructive installation using GB-100
installation floppies.
! BACK UP YOUR CONFIGURATION --- DESTRUCTIVE !
! INSTALLATION OVERWRITES YOUR CONFIGURATION WITH FACTORY SETTINGS.!
--------------------------
NETWORK INTERFACE CARDS
---
See GTA's website at www.gta.com for an up-to-date list of
compatible NICs.
==========================================================================
KNOWN BROWSER ISSUES
----------------------------------
Internet Explorer 5 For Macintosh
----
Internet Explorer 5 browser for the Macintosh platform will not allow you
to accept or install the SSL security certificate. SSL must be disabled to
use this combination.
==========================================================================
Release Notes include sections on enhancements and bug fixes for the
following topics:
1. SYSTEM SOFTWARE
2. SERVICES
3. ALL USER INTERFACES
4. GBADMIN (Windows Only)
5. WEB
6. CONSOLE
7. CONTENT FILTERING
8. VERIFICATION
9. SYSLOG (Windows Only)
10. INSTALLERS
11. GBREPORTS (Windows Only)
12. GBAUTH (Windows Only)
13. GB-DBMAINT (Windows Only)
--------------------------------------------------------------------
1. SYSTEM SOFTWARE
1.1 Enhancements and Changes
1.2 Bug Fixes
NONE
2. SERVICES
2.1 Enhancements and Changes
2.2 Bug Fixes
1. BIND version 8.3.3 allows a buffer overflow in DNS server.
GB332352
Resolution:
Upgrade DNS server to BIND 8.3.4.
3. ALL USER INTERFACES
3.1 Enhancements and Changes
3.2 Bug Fixes
NONE
4. GBADMIN (Windows Only)
4.1 Enhancements and Changes
4.2 Bug Fixes
NONE
5. WEB
5.1 Enhancements and Changes
5.2 Bug Fixes
NONE
6. CONSOLE
6.1 Enhancements and Changes
6.2 Bug Fixes
NONE
7. CONTENT FILTERING
7.1 Enhancements and Changes
7.2 Bug Fixes
NONE
8. VERIFICATION
8.1 Enhancements and Changes
8.2 Bug Fixes
NONE
9. SYSLOG (Windows Only)
9.1 Enhancements and Changes
9.2 Bug Fixes
NONE
10. INSTALLERS
10.1 Enhancements and Changes
10.2 Bug Fixes
NONE
11. GBREPORTS (Windows Only)
11.1 Enhancements and Changes
11.2 Bug Fixes
NONE
12. GBAUTH (Windows Only)
12.1 Enhancements and Changes
12.2 Bug Fixes
NONE
13. GB-DBMAINT (Windows Only)
13.1 Enhancements and Changes
13.2 Bug Fixes
NONE
--------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
http://www.mail-archive.com/[email protected]
