Patch-ID# 105083-01
Keywords: 3.0a jumbo upgrade patch nt Windows NT 4.x
Synopsis: Solstice FireWall-1 3.0a: Windows NT 4.x: upgrade/jumbo patch VPN
Date: Jul/18/97

Solaris Release: 

SunOS Release: 

Unbundled Product: Solstice FireWall-1

Unbundled Release: 3.0a

Relevant Architectures: i386
NOTE:intel

BugId's fixed with this patch: 

     NOTE: This is a generic upgrade to 3.0, please see below for
     a comprehensive list of enhancements and fixes.

Changes incorporated in this version: 

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch:
disk1.zip
disk2.zip
disk1.zip
disk2.zip
session.zip

NOTE:
  fw:
	disk1.zip
	disk2.zip
  gui:
	disk1.zip
	disk2.zip
  agents:
	session.zip


Problem Description:

   Kernel Driver
   -------------
   - Improve control over kernel memory allocation.

   - Fix problems with modifying packets on HPUX that might 
     crash the machine in rare circumstances.

   - Reject did not work properly on Token Ring cards for 
     Windows NT.


   Authentication
   --------------
   - generic* user feature did not work


   Security Servers
   ----------------

   HTTP:

   - did not work properly on Solaris2-x86

   - crashes if it receives an empty header

   - Predefined Servers Mode did not work

   - Using IP Address as host name in URL definition 
     didn't work for Windows NT and Solaris2-x86

   - If by changing the security policy, the access to a 
     URL is allowed, then blocked and then re-allowed again,
     the URL will not be accessed.

   - resources and authentication, if FireWall password is
     but the password for the server is not, the user
     is prompted to enter server passwrd and not for both.

   - Connection from FW-1 to two HTTP servers that are located on
     the same host is impossible.

   SMTP:   
   -  failed to rewrite the user-defined field.
  
   RLOGIN: 
   -  Using successive rlogin sessions did not work.


   OPSEC
   -----
   - CVP with HTTP was stuck on headers-only HTTP replies

   - Cannot defined unresolvable UFP Server name


   Code Generation
   ---------------
   - Wrong INSPECT code for network mask 0.0.0.0

   - Wrong INSPECT code for IP Addresses of the type 255.*.*.*

   - Install On 'All' did not apply to routers.


   Address Translation
   -------------------
   - Fix ICMP errors translations


   GUI
   ---
   OpenLook:
        - GUI crashed when viewing (or verifying) security policy

   Windows & X/Motif:
        - Interfaces Properties lost on Windows GUI from time to time
        - When defining interfaces, a wrong Warning appeared
        - *local mode failed to work
   X/Motif only:
                - crashed when defining RADIUS Servers
                - crashed when defining Time objects

   Encryption
   ----------
   - Session Authentication did not work together with SKIP Encryption

   - SPI Keys generation did not work on Windows GUI

   - Error Message in FWZ encryption on Windows NT (FW_FREE_MEMORY - 
     Cannot free NULL pointer)

   - SecuRemote failed to fetch site information from a management only station 

   - Encryption Method 'Any' choose the weakest encryption method

   - Encryption Method RC4-40 with Manual IPSEC did not work properly.

   - SecuRemote communication cannot pass through an intermediate firewall.

   - Combining Encryption with Security Servers didn't work on some
     configurations.

   - Memory leaks of fwd when working with SecuRemote and/or SecuRemote


   Installation
   ------------
   - Lists directory were not created during Windows NT installation


   Log & Alert
   -----------
   - FireWall to Management Log connection failed to re-established after
     Management goes down.

   - Mail alert default command applied for Solaris2 only

   - Problems with Accounting information after re-loading a new security Policy

   - Replace 'packets:' with 'packets' in the log file


   Licensing
   ---------

   - High Availability feature was not available under the Starter Products
     and limited Modules



Patch Installation Instructions 
-------------------------------
(1) Stop the firewall.

(2) Copy the .zip file for the component you wish to install onto the NT
    system.  For agents use session.zip, for fw, disk1.zip and disk2.zip
    located in the fw subdirectory of the patch distribution, and for agents
    disk1.zip and disk2.zip from the agents directory in the patch
    distribution.

(3) After copying the zip files into an empty folder on the NT system,
    unzip the files to expand them, and then run the setup.exe script.
    This will install everything automatically, prompting the user
    for anything and everything necessary.  It is comprehensive and       
    user-friendly.

    If the user is upgrading from a prior system, the existing license will
    automatically be propogated (it is even displayed for the user's perusal
    in a dialogue box at one point during the install).

(4) The system will automatically reboot at the end of the installation.

(5) Start the firewall, if it isn't started automatically with your
    configuration.


