Firewall
Application Firewalls
Recently the idea of application firewalls has had something of a second coming. Some vendors term them all-in-one boxes like the locally made unix box ‘Netbox Blue’.
GB-OS Version 5.4 Released
Without much fanfare the guys at GTA have quietly released version 5.4 of the GB-OS for GNATBox firewalls.
There are lot of great features on this box now.
New SSL Client
GTA SSL Sentinel VPN Client v1.0.5 is now available with improved Windows 64-bit support.
For more info: http://www.sslsentinel.com
Angry for the Truth
A prospective client has aging Cisco IOS firewall equipment, which he is not able to administer himself because he finds it too complex and confusing. Every time any change is required, however minor, it costs him money to get a cisco expert in to do the work. He was chatting to a friend, who owns GTA Firewalls, who showed him how easy it was to administer yourself. Being quite clued up on networking he got it straight away.
GTA Release GB-OS v5.2.7
Are you running GB-OS 5.2.6? Now available, GB-OS 5.2.7. This is mostly minor bug fixes and cleaning up interface bits.
New VPN Client Software
The old GTA Mobile VPN Client v4.65 has been removed from the additional software section of the GTA Support Center. Administrators and end users wishing to install or re-install an IPSec VPN Client should use one of the following NEW clients :-
Windows - Shrew Soft VPN Client v2.1.5 for Windows
Linux - Shrew Soft VPN Client 2.1.5 for Linux
MAC - IPSecuritas Version 3.4 - MAC OSX
GTA Support Center - https://www.gta.com/support/center/login/
Installation Guides for Shrew Soft Client is located at https://www.gta.com/support/docs53/
Shrew Software web site is located at http://www.shrew.net/home
The older client still works on older versions but won’t be supported on newer versions. So plan your change over now.
Carlton
Firewall Upgrades
As you may have seen from the Downloads page, where we post the latest versions of stuff, the GNATBox firmware is up to 5.3.x.
GTA posted this warning on their support site. If you’re running 5.1.x or earlier - upgrade to 5.2 before moving to 5.3.
And if it’s a GB-250, check the BIOS first, or give us a ring.
Carlton
New SSL Client
GTA has now made available for download GTA SSL VPN Client v1.0.3.
There are two ways to upgrade.
Either download the latest client via the firewall Interface SSL Browser. Log into the Firewalls SSL Browser and go to the client download section and click on the Windows Installer download link.
Or log into the support centre and get it from the additional software section.
Carlton
Getting a bigger hose
One of my pet hates is bugs on my windshield. I don’t like the way they get caught under the wiper blade and smear all over the place until it looks like a plane crash site. I use a bunch of that squirter add-on they sell at the Petrol Station, but there’s always that bit of guts that seems to remain - then bakes to concrete in the sun. How can something so squishy end up so hard? The place that services the car told me to try meths. The way he was looking at me I wasn’t sure if we were still talking about the car.
My firewall logs are like my windscreen. Most days it’s clear, but other days my email box gets a bug swarm sized pasting that leaves me unable to see anything.
Enter version 5.3.0 of GNATBox OS.
There I am, unwrapping my shiny new OS (squeak squeak) and what do I find? A new address object called ALWAYS BLOCK.
David Brooks from GTA says this on their forum:
‘The ALWAYS_BLOCK Object is referenced by an Automatic Policy that is set to deny all connections to the firewall from members of the object. This Automatic Policy is matched before all other security policies’
And get this - by default automatic policies aren’t logged, don’t end up in my logs and don’t fill up my email box. Sweet.
So I’m hosing off the annoying bugs with my new industrial sized hose!
Thanks Dave.
Carlton
Automated Internet Failover
Q. Do you want your internet connection to automatically failover?
Q. Would do like to share bandwidth on two or more internet connections?
Answer: GNATBox has this kind of functionality built in. In the screen shot above you can see options as follows:
Gateway Failover
Default route will automatically fail over the whole gateway to the DR link if the primary goes down.
Gateway Sharing
Data will be shared out equally over two or more internet links.
Policy Based Routing
You can make rules on which kind of traffic goes out which link; like SMTP or HTTP through different links for example.
Source Routing
You can chose to route traffic out a link based on which IP address it comes from.
If you would like to set this up let us know - no extra licensing is required.
Carlton
