We finally upgraded from GB-Flash 3.4.4 to GB-Ware 3.6.1 at the end of last week. The day before, we called GTA Tech Support for advice on the upgrade. They only item they suggested was to enter the 3.6.1 authorization codes into the existing 3.4.4 configuration. That made it easier once 3.6.1 was up and running. For the most part, the upgrade went reasonably smoothly; however, there were a number of gotchas that anyone considering this upgrade should consider:
1) New hardware: We decided to put 3.6.1 on official GTA sanctioned hardware (CF Card and CF to IDE adapter purchased from GTA). The goal was to make the upgrade process go as smoothly as possible, so configuring the new hardware prior to the actual ugprade was very beneficial. Issue #1 - no more than 2 interfaces can be saved without the dongle attached. This is a relatively new copy-protection method that has been in place since 3.5.0 from what I understand. It definitely made it slightly more difficult for an existing customer to move to new hardware. 2) Configuration: Uploading the existing 3.4.4 configuration to the new CF card appeared to be successful. Unfortunately, after the card and adapter were installed into the production firewall, I noticed that a number of the configuration objects (VPN Objects in particular) were missing (Issue #2). I did not spend any real time cataloging what was missing and what was not, but it was disconcerting that the configuration did not import completely and no error messages were displayed. Re-uploading the existing configuration via the web interface and saving it resolved this issue. Also, for whatever reason, the 3.6.1 serial number would not save unless the dongle was attached. This along with activating the PSN interface had to be done after 3.6.1 was running on the production firewall. 3) Mail Sentinel: Mail Sentinel is the newly improved email proxy. It has a number of nice features (whitelists, blacklists, MAPS) along with the optional antivirus and antivirus modules. Unfortunately, Mail Sentinel defaults to being disabled (e.g. blocks all incoming email) and ignored the previous mail proxy settings that were configured in 3.4.4. I spent 3 hours deciphering the documentation and trying every combination of settings to get Mail Sentinel to accept email for the 60 or so domain names that we have registered. Finally, I got it working, albeit without MAPS functionality. I figured that getting a "few" more non-legitimate emails over the weekend was better than continuing to reject all incoming email, legitimate or not. I called GTA Tech Support on Monday morning and they were able to walk me through the proper configuration of Mail Sentinel. GTA - PLEASE improve the documentation and provide some useable examples for Mail Sentinel (Issues #3). 4) Email Server: The default configuration for 3.6.1 is to disable email notifications of filter violations (Issue #4). Took me about an hour on Monday to figure out how to reenable email notifications. Overall, GB-Ware 3.6.1 appears to be running fine. Even my lan-to-lan GB-Ware to OpenBSD 3,6 VPN still works. Hope this helps any potential upgraders... Mark Gershman ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/
