Patch-ID# 105483-02 Keywords: Upgrade, jumbo, patch, 3.0b, motif, vpn Synopsis: Solstice FireWall-1 3.0b Sparc Motif GUI: Upgrade/Jumbo (VPN) Date: Oct/08/97 Solaris Release: 2.5 2.5.1 2.6 SunOS Release: 5.5 5.5.1 5.6 Unbundled Product: Firewall-1 Unbundled Release: 3.0 Relevant Architectures: sparc BugId's fixed with this patch: Changes incorporated in this version: Patches accumulated and obsoleted by this patch: 105483-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: clients/WindU clients/bin/fwlv clients/bin/fwss clients/bin/fwui clients/conf/encrypt.fws clients/conf/files.fws clients/conf/keys.fws clients/conf/logaccount.fw clients/conf/logactive.fw clients/conf/logview.fw clients/conf/logview.fws clients/conf/lv_recs.fws clients/conf/objects.fws clients/conf/rules.fws clients/conf/setup.fws clients/conf/users.fws clients/help/fwlog.cnt clients/help/fwlog.hlp clients/help/fwpolicy.cnt clients/help/fwpolicy.hlp clients/help/fwstatus.cnt clients/help/fwstatus.hlp clients/hyperhelp/HhcMsgs.cat clients/hyperhelp/HhvMsgs.cat clients/hyperhelp/RELEASE.viewer clients/hyperhelp/app-defaults/app-defaults clients/hyperhelp/app-defaults/app-defaults.german clients/hyperhelp/app-defaults/app-defaults.japanese clients/hyperhelp/app-defaults/app-defaults.kanji clients/hyperhelp/app-defaults/readme.txt clients/hyperhelp/bin/dllink clients/hyperhelp/bin/hyperhelp clients/hyperhelp/hoh.cnt clients/hyperhelp/hoh.fts clients/hyperhelp/hoh.hlp clients/hyperhelp/lib/C/Codeset clients/hyperhelp/lib/dmpbaggage.dll clients/hyperhelp/lib/hhteds.dll clients/hyperhelp/lib/hpgl.dll clients/hyperhelp/samples/de/DE clients/lib/PCL4_32.drv clients/lib/PCL5_32.drv clients/lib/PostScript_32.drv clients/lib/libC.so.5 clients/lib/libcommctrl32.so clients/lib/libcommdlg32.so clients/lib/libgdi32.so clients/lib/libkernel32.so clients/lib/libmfc40.so clients/lib/libprnt32.so clients/lib/libuser32.so clients/lib/libwinsock32.so clients/lib/wincrt0.o clients/lib/windu_clientd clients/lib/windu_registryd clients/lib/windu_scmd clients/xprinter/fontmetrics/afm/agaramond-bold.afm clients/xprinter/fontmetrics/afm/avantgarde-book.afm clients/xprinter/fontmetrics/afm/avantgarde-bookoblique.afm clients/xprinter/fontmetrics/afm/avantgarde-demi.afm clients/xprinter/fontmetrics/afm/avantgarde-demioblique.afm clients/xprinter/fontmetrics/afm/bookman-demi.afm clients/xprinter/fontmetrics/afm/bookman-demiitalic.afm clients/xprinter/fontmetrics/afm/bookman-light.afm clients/xprinter/fontmetrics/afm/bookman-lightitalic.afm clients/xprinter/fontmetrics/afm/courier-bold.afm clients/xprinter/fontmetrics/afm/courier-boldoblique.afm clients/xprinter/fontmetrics/afm/courier-oblique.afm clients/xprinter/fontmetrics/afm/courier.afm clients/xprinter/fontmetrics/afm/gothicbbb-medium-83pv-rksj-h.afm clients/xprinter/fontmetrics/afm/gothicbbb-medium.roman.afm clients/xprinter/fontmetrics/afm/helvetica.afm clients/xprinter/fontmetrics/afm/helvetica-bold.afm clients/xprinter/fontmetrics/afm/helvetica-boldoblique.afm clients/xprinter/fontmetrics/afm/helvetica-oblique.afm clients/xprinter/fontmetrics/afm/newbaskerville-bold.afm clients/xprinter/fontmetrics/afm/newbaskerville-bolditalic.afm clients/xprinter/fontmetrics/afm/newbaskerville-italic.afm clients/xprinter/fontmetrics/afm/newbaskerville-roman.afm clients/xprinter/fontmetrics/afm/newcenturyschlbk-bold.afm clients/xprinter/fontmetrics/afm/newcenturyschlbk-bolditalic.afm clients/xprinter/fontmetrics/afm/newcenturyschlbk-italic.afm clients/xprinter/fontmetrics/afm/newcenturyschlbk-roman.afm clients/xprinter/fontmetrics/afm/palatino-bold.afm clients/xprinter/fontmetrics/afm/palatino-bolditalic.afm clients/xprinter/fontmetrics/afm/palatino-italic.afm clients/xprinter/fontmetrics/afm/palatino-roman.afm clients/xprinter/fontmetrics/afm/ryumin-light-83pv-rksj-h.afm clients/xprinter/fontmetrics/afm/ryumin-light.roman.afm clients/xprinter/fontmetrics/afm/symbol.afm clients/xprinter/fontmetrics/afm/times-bold.afm clients/xprinter/fontmetrics/afm/times-bolditalic.afm clients/xprinter/fontmetrics/afm/times-italic.afm clients/xprinter/fontmetrics/afm/times-roman.afm clients/xprinter/fontmetrics/afm/windsor.afm clients/xprinter/fontmetrics/afm/zapfchancery-mediumitalic.afm clients/xprinter/fontmetrics/afm/zapfdingbats.afm clients/xprinter/fontmetrics/tfm/9nb00041.tfm clients/xprinter/fontmetrics/tfm/9nb00042.tfm clients/xprinter/fontmetrics/tfm/9nb00050.tfm clients/xprinter/fontmetrics/tfm/9nb00153.tfm clients/xprinter/fontmetrics/tfm/9nb00292.tfm clients/xprinter/fontmetrics/tfm/9nb00491.tfm clients/xprinter/fontmetrics/tfm/9nb01869.tfm clients/xprinter/fontmetrics/tfm/9nb02995.tfm clients/xprinter/fontmetrics/tfm/9nb03902.tfm clients/xprinter/fontmetrics/tfm/9nb03903.tfm clients/xprinter/fontmetrics/tfm/9nb04827.tfm clients/xprinter/fontmetrics/tfm/9nb05436.tfm clients/xprinter/fontmetrics/tfm/9nb05447.tfm clients/xprinter/fontmetrics/tfm/9nb05448.tfm clients/xprinter/fontmetrics/tfm/9nb05705.tfm clients/xprinter/fontmetrics/tfm/9nb06334.tfm clients/xprinter/fontmetrics/tfm/9nb06335.tfm clients/xprinter/fontmetrics/tfm/9nb09894.tfm clients/xprinter/fontmetrics/tfm/9nb09961.tfm clients/xprinter/fontmetrics/tfm/9nb11478.tfm clients/xprinter/fontmetrics/tfm/9nb11538.tfm clients/xprinter/fontmetrics/tfm/9nb11942.tfm clients/xprinter/fontmetrics/tfm/9nb12382.tfm clients/xprinter/fontmetrics/tfm/9nb14604.tfm clients/xprinter/fontmetrics/tfm/9nb14771.tfm clients/xprinter/fontmetrics/tfm/9nb15724.tfm clients/xprinter/fontmetrics/tfm/9nb16827.tfm clients/xprinter/fontmetrics/tfm/9nb17035.tfm clients/xprinter/fontmetrics/tfm/9nb17421.tfm clients/xprinter/fontmetrics/tfm/9nb17673.tfm clients/xprinter/fontmetrics/tfm/9nb18467.tfm clients/xprinter/fontmetrics/tfm/9nb18468.tfm clients/xprinter/fontmetrics/tfm/9nb18716.tfm clients/xprinter/fontmetrics/tfm/9nb18717.tfm clients/xprinter/fontmetrics/tfm/9nb19169.tfm clients/xprinter/fontmetrics/tfm/9nb19170.tfm clients/xprinter/fontmetrics/tfm/9nb19718.tfm clients/xprinter/fontmetrics/tfm/9nb19895.tfm clients/xprinter/fontmetrics/tfm/9nb19896.tfm clients/xprinter/fontmetrics/tfm/9nb19912.tfm clients/xprinter/fontmetrics/tfm/9nb21726.tfm clients/xprinter/fontmetrics/tfm/9nb21727.tfm clients/xprinter/fontmetrics/tfm/9nb23281.tfm clients/xprinter/fontmetrics/tfm/9nb23811.tfm clients/xprinter/fontmetrics/tfm/9nb24464.tfm clients/xprinter/fontmetrics/tfm/9nb25667.tfm clients/xprinter/fontmetrics/tfm/9nb26299.tfm clients/xprinter/fontmetrics/tfm/9nb26500.tfm clients/xprinter/fontmetrics/tfm/9nb26501.tfm clients/xprinter/fontmetrics/tfm/9nb26962.tfm clients/xprinter/fontmetrics/tfm/9nb28145.tfm clients/xprinter/fontmetrics/tfm/9nb28703.tfm clients/xprinter/fontmetrics/tfm/9nb29358.tfm clients/xprinter/fontmetrics/tfm/9nb30333.tfm clients/xprinter/fontmetrics/tfm/9nb31322.tfm clients/xprinter/fontmetrics/tfm/9nb32391.tfm clients/xprinter/fontmetrics/tfm/crb14e1a.tfm clients/xprinter/fontmetrics/tfm/crb14lga.tfm clients/xprinter/fontmetrics/tfm/crb14pca.tfm clients/xprinter/fontmetrics/tfm/crb14pda.tfm clients/xprinter/fontmetrics/tfm/crb14pma.tfm clients/xprinter/fontmetrics/tfm/crb14r8a.tfm clients/xprinter/fontmetrics/tfm/crb1ce1a.tfm clients/xprinter/fontmetrics/tfm/crb1clga.tfm clients/xprinter/fontmetrics/tfm/crb1clgc.tfm clients/xprinter/fontmetrics/tfm/crb1cpca.tfm clients/xprinter/fontmetrics/tfm/crb1cpda.tfm clients/xprinter/fontmetrics/tfm/crb1cpma.tfm clients/xprinter/fontmetrics/tfm/crb1cr8a.tfm clients/xprinter/fontmetrics/tfm/cri14e1a.tfm clients/xprinter/fontmetrics/tfm/cri14lga.tfm clients/xprinter/fontmetrics/tfm/cri14pca.tfm clients/xprinter/fontmetrics/tfm/cri14pda.tfm clients/xprinter/fontmetrics/tfm/cri14pma.tfm clients/xprinter/fontmetrics/tfm/cri14r8a.tfm clients/xprinter/fontmetrics/tfm/cri1ce1a.tfm clients/xprinter/fontmetrics/tfm/cri1clga.tfm clients/xprinter/fontmetrics/tfm/cri1cpca.tfm clients/xprinter/fontmetrics/tfm/cri1cpda.tfm clients/xprinter/fontmetrics/tfm/cri1cpma.tfm clients/xprinter/fontmetrics/tfm/cri1cr8a.tfm clients/xprinter/fontmetrics/tfm/crr14e1a.tfm clients/xprinter/fontmetrics/tfm/crr14lga.tfm clients/xprinter/fontmetrics/tfm/crr14pca.tfm clients/xprinter/fontmetrics/tfm/crr14pda.tfm clients/xprinter/fontmetrics/tfm/crr14pma.tfm clients/xprinter/fontmetrics/tfm/crr14r8a.tfm clients/xprinter/fontmetrics/tfm/crr1ce1a.tfm clients/xprinter/fontmetrics/tfm/crr1clga.tfm clients/xprinter/fontmetrics/tfm/crr1cpca.tfm clients/xprinter/fontmetrics/tfm/crr1cpda.tfm clients/xprinter/fontmetrics/tfm/crr1cpma.tfm clients/xprinter/fontmetrics/tfm/crr1cr8a.tfm clients/xprinter/fontmetrics/tfm/glue.txt clients/xprinter/fontmetrics/tfm/lpr0ye1a.tfm clients/xprinter/fontmetrics/tfm/lpr0ylga.tfm clients/xprinter/fontmetrics/tfm/lpr0ypca.tfm clients/xprinter/fontmetrics/tfm/lpr0ypda.tfm clients/xprinter/fontmetrics/tfm/lpr0ypma.tfm clients/xprinter/fontmetrics/tfm/lpr0yr8a.tfm clients/xprinter/fontmetrics/tfm/readme.txt clients/xprinter/fontmetrics/tfm/trb0000s.tfm clients/xprinter/fontmetrics/tfm/tri0000s.tfm clients/xprinter/fontmetrics/tfm/trj0000s.tfm clients/xprinter/fontmetrics/tfm/trr0000s.tfm clients/xprinter/fontmetrics/tfm/una0000s.tfm clients/xprinter/fontmetrics/tfm/unb0000s.tfm clients/xprinter/fontmetrics/tfm/unc0000s.tfm clients/xprinter/fontmetrics/tfm/unf0000s.tfm clients/xprinter/fontmetrics/tfm/unh0000s.tfm clients/xprinter/fontmetrics/tfm/uni0000s.tfm clients/xprinter/fontmetrics/tfm/unj0000s.tfm clients/xprinter/fontmetrics/tfm/unr0000s.tfm clients/xprinter/fontmetrics/tfm/xphpplt0.tfm clients/xprinter/fontmetrics/tfm/xphpplt1.tfm clients/xprinter/fontmetrics/tfm/xphpplt2.tfm clients/xprinter/fontmetrics/tfm/xphpplt3.tfm clients/xprinter/fontmetrics/tfm/xphpplt4.tfm clients/xprinter/fontmetrics/tfm/xref_tfm.txt clients/xprinter/fontmetrics/tfm/zdr0000s.tfm clients/xprinter/pclstd.fonts clients/xprinter/ppds/a_pnt518.ps clients/xprinter/ppds/ac500503.ps clients/xprinter/ppds/aljii523.ps clients/xprinter/ppds/amchr518.ps clients/xprinter/ppds/ap_ntxj1.ps clients/xprinter/ppds/aplwiif1.ps clients/xprinter/ppds/aplwiig1.ps clients/xprinter/ppds/aplwntr1.ps clients/xprinter/ppds/apple230.ps clients/xprinter/ppds/apple380.ps clients/xprinter/ppds/apple422.ps clients/xprinter/ppds/aps08522.ps clients/xprinter/ppds/aps12522.ps clients/xprinter/ppds/aps26522.ps clients/xprinter/ppds/aps80522.ps clients/xprinter/ppds/ast__470.ps clients/xprinter/ppds/cg94_493.ps clients/xprinter/ppds/cn_500_1.ps clients/xprinter/ppds/cn_500j1.ps clients/xprinter/ppds/cnlbp4_1.ps clients/xprinter/ppds/cnlbp8_1.ps clients/xprinter/ppds/cnlbp8r1.ps clients/xprinter/ppds/cnlbp8t1.ps clients/xprinter/ppds/color_lj.pcl clients/xprinter/ppds/color_lj.ps clients/xprinter/ppds/cppmq151.ps clients/xprinter/ppds/cppmq201.ps clients/xprinter/ppds/datap462.ps clients/xprinter/ppds/dcd11501.ps clients/xprinter/ppds/dcd21501.ps clients/xprinter/ppds/dcd22501.ps clients/xprinter/ppds/dclps201.ps clients/xprinter/ppds/dclps401.ps clients/xprinter/ppds/dp_us470.ps clients/xprinter/ppds/dpl15601.ps clients/xprinter/ppds/dplz9601.ps clients/xprinter/ppds/ep826051.ps clients/xprinter/ppds/epl3kf21.ps clients/xprinter/ppds/epl3kf51.ps clients/xprinter/ppds/epl75523.ps clients/xprinter/ppds/f71rx503.ps clients/xprinter/ppds/filename_map.txt clients/xprinter/ppds/gcbl4921.ps clients/xprinter/ppds/gcbl5141.ps clients/xprinter/ppds/gcblp2_1.ps clients/xprinter/ppds/gcblp2s1.ps clients/xprinter/ppds/gcblpel1.ps clients/xprinter/ppds/generic.ps clients/xprinter/ppds/gsgl8001.ps clients/xprinter/ppds/hp3si.pcl clients/xprinter/ppds/hp3si.ps clients/xprinter/ppds/hp3si523.ps clients/xprinter/ppds/hp4l.pcl clients/xprinter/ppds/hp4l.ps clients/xprinter/ppds/hp4m.pcl clients/xprinter/ppds/hp4si.pcl clients/xprinter/ppds/hp4si.ps clients/xprinter/ppds/hp4v.ps clients/xprinter/ppds/hp_3d522.ps clients/xprinter/ppds/hp_3p522.ps clients/xprinter/ppds/hp_650c.pcl clients/xprinter/ppds/hp_650c1.ppd clients/xprinter/ppds/hp_650c1.ps clients/xprinter/ppds/hp_750c.pcl clients/xprinter/ppds/hp_750c.ps clients/xprinter/ppds/hp_755cm.pcl clients/xprinter/ppds/hp_755cm.ps clients/xprinter/ppds/hpdj1200.pcl clients/xprinter/ppds/hpdj1200.ps clients/xprinter/ppds/hpii.pcl clients/xprinter/ppds/hpiid.pcl clients/xprinter/ppds/hpiid522.ps clients/xprinter/ppds/hpiii.pcl clients/xprinter/ppds/hpiii.ps clients/xprinter/ppds/hpiii522.ps clients/xprinter/ppds/hpiiid.pcl clients/xprinter/ppds/hpiiip.pcl clients/xprinter/ppds/hpiip.pcl clients/xprinter/ppds/hpiip.ps clients/xprinter/ppds/hpiip522.ps clients/xprinter/ppds/hpiv.pcl clients/xprinter/ppds/hpiv.ps clients/xprinter/ppds/hplj_31.ps clients/xprinter/ppds/hplj_3d1.ps clients/xprinter/ppds/hplj_3p1.ps clients/xprinter/ppds/hplj_4m.readme clients/xprinter/ppds/ib4029a1.ps clients/xprinter/ppds/ib4029b1.ps clients/xprinter/ppds/ibm17523.ps clients/xprinter/ppds/ibm20470.ps clients/xprinter/ppds/ibm30505.ps clients/xprinter/ppds/ibm39523.ps clients/xprinter/ppds/ibm4079.ps clients/xprinter/ppds/kdcolor1.ps clients/xprinter/ppds/l100_425.ps clients/xprinter/ppds/l200_471.ps clients/xprinter/ppds/l200_493.ps clients/xprinter/ppds/l300_471.ps clients/xprinter/ppds/l300_493.ps clients/xprinter/ppds/l330_523.ps clients/xprinter/ppds/l3330523.ps clients/xprinter/ppds/l500_493.ps clients/xprinter/ppds/l530_523.ps clients/xprinter/ppds/l5330523.ps clients/xprinter/ppds/lex4039.pcl clients/xprinter/ppds/lex4039.ps clients/xprinter/ppds/lex4047.pcl clients/xprinter/ppds/lex4079p.ps clients/xprinter/ppds/lexoptra.pcl clients/xprinter/ppds/lexoptra.ps clients/xprinter/ppds/lh_630_1.ps clients/xprinter/ppds/lwnt_470.ps clients/xprinter/ppds/lwntx470.ps clients/xprinter/ppds/lwntx518.ps clients/xprinter/ppds/moim1201.ps clients/xprinter/ppds/mono_522.ps clients/xprinter/ppds/n2090522.ps clients/xprinter/ppds/n2290520.ps clients/xprinter/ppds/n890_470.ps clients/xprinter/ppds/n890x505.ps clients/xprinter/ppds/nc95fax1.ps clients/xprinter/ppds/nc97fax1.ps clients/xprinter/ppds/nc_n4f21.ps clients/xprinter/ppds/nc_n4f51.ps clients/xprinter/ppds/nccps401.ps clients/xprinter/ppds/nccps801.ps clients/xprinter/ppds/ncol_519.ps clients/xprinter/ppds/ncs29901.ps clients/xprinter/ppds/ncsw_951.ps clients/xprinter/ppds/np20.ps clients/xprinter/ppds/npclplus.ps clients/xprinter/ppds/nx_nlp_1.ps clients/xprinter/ppds/o5242503.ps clients/xprinter/ppds/ok801pf1.ps clients/xprinter/ppds/ol830525.ps clients/xprinter/ppds/ol840518.ps clients/xprinter/ppds/p4455514.ps clients/xprinter/ppds/q2200523.ps clients/xprinter/ppds/q2210523.ps clients/xprinter/ppds/q2220523.ps clients/xprinter/ppds/q810t517.ps clients/xprinter/ppds/q820_517.ps clients/xprinter/ppds/q820t517.ps clients/xprinter/ppds/qcs10503.ps clients/xprinter/ppds/qcs20503.ps clients/xprinter/ppds/qcs30503.ps clients/xprinter/ppds/qm1700_1.ps clients/xprinter/ppds/qm2000_1.ps clients/xprinter/ppds/qm815mr1.ps clients/xprinter/ppds/sprn.ps clients/xprinter/ppds/qm825mr1.ps clients/xprinter/ppds/qmps4101.ps clients/xprinter/ppds/qmps8151.ps clients/xprinter/ppds/qmps8251.ps clients/xprinter/ppds/qms81470.ps clients/xprinter/ppds/qms8_461.ps clients/xprinter/ppds/qms8p461.ps clients/xprinter/ppds/qmscs494.ps clients/xprinter/ppds/qmsj_461.ps clients/xprinter/ppds/qmsjp461.ps clients/xprinter/ppds/qume_470.ps clients/xprinter/ppds/r6000505.ps clients/xprinter/ppds/s5232503.ps clients/xprinter/ppds/s746j522.ps clients/xprinter/ppds/scg20522.ps clients/xprinter/ppds/t1513470.ps clients/xprinter/ppds/t1535470.ps clients/xprinter/ppds/ti08_450.ps clients/xprinter/ppds/tim17521.ps clients/xprinter/ppds/tim35521.ps clients/xprinter/ppds/titrb161.ps clients/xprinter/ppds/titrbo61.ps clients/xprinter/ppds/titrbo91.ps clients/xprinter/ppds/tix17521.ps clients/xprinter/ppds/tix35521.ps clients/xprinter/ppds/tkph2sd1.ps clients/xprinter/ppds/tkphz2j1.ps clients/xprinter/ppds/tkphz3j1.ps clients/xprinter/ppds/tkphzr21.ps clients/xprinter/ppds/tkphzr22.ps clients/xprinter/ppds/tkphzr31.ps clients/xprinter/ppds/tkphzr32.ps clients/xprinter/ppds/tkpxe171.ps clients/xprinter/ppds/tkpxe391.ps clients/xprinter/ppds/u9415470.ps clients/xprinter/ppds/uni17521.ps clients/xprinter/ppds/uni39521.ps clients/xprinter/ppds/v5334522.ps clients/xprinter/ppds/vt42p522.ps clients/xprinter/ppds/vt43p522.ps clients/xprinter/ppds/vt4510a1.ps clients/xprinter/ppds/vt4530a1.ps clients/xprinter/ppds/vt4530b1.ps clients/xprinter/ppds/vt4530c1.ps clients/xprinter/ppds/vt4533b1.ps clients/xprinter/ppds/vt4533c1.ps clients/xprinter/ppds/vt453ea1.ps clients/xprinter/ppds/vt453eb1.ps clients/xprinter/ppds/vt4550a1.ps clients/xprinter/ppds/vt4550b1.ps clients/xprinter/ppds/vt4550c1.ps clients/xprinter/ppds/vt4551a1.ps clients/xprinter/ppds/vt4563a1.ps clients/xprinter/ppds/vt4563b1.ps clients/xprinter/ppds/vt49901.ps clients/xprinter/ppds/vt4l3001.ps clients/xprinter/ppds/vt4l3301.ps clients/xprinter/ppds/vt4l5001.ps clients/xprinter/ppds/vt4l5301.ps clients/xprinter/ppds/vt530522.ps clients/xprinter/ppds/vt550522.ps clients/xprinter/ppds/vt600p1.ps clients/xprinter/ppds/vt600w1.ps clients/xprinter/ppds/vt60p480.ps clients/xprinter/ppds/vt60w480.ps clients/xprinter/ppds/xrdocu11.ps clients/xprinter/ppds/xrdt0851.ps clients/xprinter/ppds/xrdt0901.ps clients/xprinter/ppds/xrdt1351.ps clients/xprinter/psstd.fonts clients/xprinter/rgb.txt clients/xprinter/xprinter.prolog clients/bin/fwvpnlv clients/bin/fwvpnss clients/bin/fwvpnui Problem Description: Solstice FireWall-1 Version 3.0b New Features 1. FireWall-1 for IBM/AIX 4.1.5 & 4.2.1 2. FireWall-1 support for Solaris 2.6 3. SecuRemote Version 3.0 including: Client Encapsulation Support for all FireWall-1 authentication schemes Support for Windows 95B Support for Windows 95 Power Management suspend/hibernation 4. Support for Cisco 11.2 routers management 5. New Services Support: Connected OnLine Backup, AOL, OnTime 6. Session Authentication Agent for Windows 3.11 Known Bugs and Restrictions Solaris 2.6 1. FireWall-1 3.0b supports Solaris 2.6. Since previous FireWall-1 versions cannot be installed on Solaris 2.6, you must upgrade your FireWall-1 software to 3.0b before upgrading the Operating System to Solaris 2.6. 2. The X/Motif Log Viewer cannot run on Solaris 2.6. Contact your FireWall-1 re-seller to get a patch for supporting it when it is available. 3. If if there is no dumb terminal installed, the FireWall-1 installation may fail. 4. When setting the boot security on Solaris 2.6, the file /etc/rcS.d/S30rootusr.sh gets corrupted, and the system fails to reboot. Before installing the software, please contact your FireWall-1 reseller for a patch that solves this problem. Solaris 2.x When using encryption on Solaris 2.x machines, you must create certificate keys when defining network objects (you are not prompted to do so during installation). IBM/AIX The IBM/AIX version does not support multiprocessor machines. Please contact you re-seller for a special patch for supporting it. Windows NT 4.0 FireWall-1 on Windows NT 4.0 with Service Pack 3 does not work properly with RAS. Windows 95 SecuRemote installation fails on some portable machines. All Platforms The SMTP Security Server sends an LF symbol rather then a CR-LF for each line. This causes compatibility problems with some SMTP Servers. Contact your re-seller for a patch that solves this problem. FireWall-1 3.0b Management station cannot properly manage 3.0 FireWall Modules. You need to upgrade the FireWall Module to 3.0b as well. Using FireWall-1 Synchronization under a heavy load may crash the machine under the heavy load. Contact your re-seller for a patch that solves this problem. User Guide Clarifications The following material clarifies subjects discussed in the FireWall-1 User Guide. Getting Started Installing FireWall-1 Operating Systems In Table 3-8 on page 87, the list of Solaris versions under Operating Systems should read "Solaris 2.3, 2.4, 2.5 and 2.6". Licenses On page 105, any references to "serial number" should read "Certificate Key." Architecture and Administration Security Servers FTP Resources When an FTP connection is mediated by the FireWall-1 FTP Security Server, then the user's requested FTP commands and file names are matched against the FTP Resource defined in the relevant rule. The FTP Security Server is invoked when a rule specifies an FTP Resource in the Service field and/or User Authentication in the Action field. If no FTP Resource is specified in the rule (that is, if the Security Server is invoked because the Action is User Authentication), then an FTP Resource of GET and PUT allowed for all files is applied. FTP Resource Matching FTP Resource matching consists of matching methods and file names. Methods Table 1-1 on page 7 lists the FTP commands that correspond to the methods specified in the FTP Resource definition. FTP actions and commands method applies to these FTP commands meaning (in the FTP Resource) --------------------- ----------------------------- -------------- GET RETR retrieve RNFR rename from XMD5 MD5 signature PUT STOR store STOU store unique APPE append RNFR rename from RNTO rename to DELE delete MKD make directory RMD remove directory The FireWall-1 FTP Security Server passes all other FTP commands to the FTP server for execution. File Names File name matching is based on the concatenation of the file name in the command and the current working directory (unless the file name is already a full path name) and comparing the result to the path specified in the FTP Resource definition. When specifying the path name in the FTP Resource definition, only lower case characters and a directory separator character / can be used. The Security Server modifies the file name in the command as follows: for DOS, the drive letter and the colon (:) is stripped for relative paths the directory separator character (/ or \) is replaced, if necessary, with the one appropriate to the FTP server's OS In some cases, the Security Server is unable to resolve the file name, that is, it is unable to determine whether the file name in the command matches the file name in the resource. Example - DOS Suppose the current directory is d:\temp and the file name in the resource is c:x. Then the Security Server is unable to determine the absolute path of the file name in the command because the current directory known to the Security Server is on disk D: and the file is on disk c:, which may have a different current directory. Example - Unix If the file name in the command contains .. references which refer to symbolic links, then it's possible that the file name in the command matches the resource's path, but that the two in fact refer to different files. When the Security Server cannot resolve a file name, the action it takes depends on the Action specified in the rule being applied: If the rule's Action is Reject or Drop, then the rule is applied and its Action taken. If the rule's Action is Accept, Encrypt or Authenticate, then: If the resource path is * or there is no resource, the rule is applied. Otherwise, the rule is not applied. Instead, FireWall-1 scans the Rule Base and applies the next matching rule (which may be the default rule that drops everything). In this case, a potential problem is that the rules may specify different entries in their Track fields. For example, it may happen that the original rule specifies Accounting in the Track field while the rule that is applied does not. Outgoing Connections User Authentication and Resource rules are applied only to connections incoming to a FireWalled machine. An outgoing connection originating on a FireWalled machine will not be folded into a Security Server on that machine, but will be dropped. Authentication ACE (SecurID) On Windows NT, the sdconf.rec file is in the SYSTEM32 directory under the directory in which Windows NT is installed. Miscellaneous Security Issues Verifying the Default Policy You can verify that the default Security Policy is indeed loaded as follows: 1. Boot the system. 2. Before installing another Security Policy, type the following command: $FWDIR/bin/fw stat The command's output should show that defaultfilter is installed. SYNDefender The following text should be added at the end of the "The TCP SYN Flooding Attack" section. Choosing an Appropriate SYNDefender Method As a first step, you should consider whether you need SYNDefender at all. Since the SYN flooding attack is a "denial of service" attack rather than a security breach, it may be more effective to deploy SYNDefender only after a SYN attack actually occurs. Another "low cost" alternative is to deploy SYNDefender Gateway, and if a SYN attack occurs, to deploy SYNDefender Relay. SYNDefender Gateway vs. SYNDefender Relay SYNDefender Gateway is an effective defense method which divides the cost of the defense between the FireWalled gateway and the server under attack. The overhead for the server is similar to that of an established non-active connection, of which a server can typically handle thousands. This non-active connection only exists for the short timeout period (configured with the GUI). In SYNDefender Relay, the FireWalled gateway completely isolates the server from SYN flooding attacks, that is, the connection is not passed to the server until after its validity is verified. The cost is that the FireWalled gateway must relay (with some overhead) every single TCP packet for the lifetime of the connection. In contrast, with SYNDefender Gateway, the gateway "forgets" about the connection after a short timeout period or after the connection has been established. In addition, problems may arise when a FireWall's Security Policy is uninstalled, or when a FireWall is rebooted. Since every connection was relayed by the FireWall, these connections become "confused," and the network may be overloaded by the servers' futile attempts to resolve this confusion. In summary, if SYNDefender is required, start with SYNDefender Gateway. If you find that your servers are coming under frequent SYN flooding attacks (as apparent from the Log Files), and that your server performance deteriorates as a result of the non-active (short timeout) connections created for each attack attempt, then you should consider the SYNDefender Relay method. Passive SYNDefender Gateway is an inferior method to both SYNDefender Gateway and SYNDefender Relay. The guidelines above refer to SYNDefender Gateway rather than to Passive SYNDefender Gateway. Getting Help If you have problems installing or using this product, call the appropriate number listed in Table 3-13 on page 110 of Getting Started with FireWall-1. If you cannot locate the number for your location, call 1-800-SUNSOFT (1-800-786-7638) from anywhere in North America. From other countries, call your Authorized Semisoft Distributor or Reseller. Please have the following information ready when you call: model number of the system serial number of the system Patch Installation Instructions: -------------------------------- This is a complete Update / Release and is provided in PKGADD format instead of the normal installpatch method. Special Install Instructions: ----------------------------- Review the ReleaseNotes prior to installation and ensure that a complete BACKUP of the system is performed prior to installing this update. 1. Become super-user. 2. Perform a complete backup of the system. 3. Install the Update by typing: /usr/sbin/pkgadd -d where is the directory containing the update itself. Example: # cd /tmp_update-dir/123456-01 # /usr/sbin/pkgadd -d . 4. If any errors are reported, please contact the appropriate number listed in Table 3-13 on page 110 of Getting Started with FireWall-1. If you cannot locate the number for your location, call 1-800-USA-4SUN (1-800-872-4786) from anywhere in North America. Rebooting the system or restarting the application after a successful patch installation is usually necessary to utilize the update.