Software Release Date: 10/27/2003
Updated Date: 08/30/2013
This release provides new features and fixes for the FirePass remote access controller version 4.0.1. We recommend upgrading to this version for those customers who want the features and fixes listed below. You can apply the software upgrade to versions 3.1 and later. For information about installing this software version, please refer to the instructions below.
To upgrade an installed FirePass 3.0, 3.1, 3.5 or 4.0 controller to version 4.0.1, go to the Server tab on the Administrative Console and click the Maintenance link followed by the Online Update link.
For more information about installing, licensing, and configuring Release 4.x, or to install a new appliance, please refer to chapters 2 and 5 of the FirePass Server Administrator Guide.
Important: As of version 4.0, the FirePass 1000 Platform no longer supports clustering. The FirePass 4000 Platform is the only platform supporting clustering. Please contact your sales representative if you have questions.
Release 4.0.1 includes the following new features and fixes.
New option to force AppTunnel and SSL VPN to close (CR29522)
We added an option under the Server tab, Security link, Caching and compression page, allowing the Administrator to force closing the AppTunnels and SSL VPN popup windows (ending the respective sessions) if the user either closes the FirePass session browser window or navigates outside it, without logging off.
Support for LDAP version 3 added (CR29665)
The FirePass controller now supports version 3 of the LDAP protocol. Customers using LDAP for authentication, address book, user import, mail server and account mapping, or user or group object import, may specify the protocol version (2 or 3) on the respective configuration screens. For upgraded systems, the FirePass controller uses version 2 as the default value.
New operations added to Maintenance Console (CR29688)
The Maintenance Console (serial interface) now allows some additional configuration operations. You can
FirePass server name
FirePass IP address
FirePass IP mask
DNS server IP address
Gateway IP address
The server restarts after you reset the settings. You can then access it from a web browser, using the reset IP address followed by /stats/ .
See the version 4.0 release notes to review the new features of version 4.0, and to see a list of the issues fixed between versions 3.x and 4.0. Release 4.0.1 includes the additional following fixes:
Form-based authentication over non-secure connections (CR28739)
Form-based authentication worked only over secure (HTTPS) connections. Now form-based authentication also works over non-secure (HTTP) connections.
On LDAP import, non-standard LDAP port and SSL parameters were not always respected (CR29007)
We fixed a certificate issue that gave this error. Note, though, that not all LDAP servers and browsers support SSL connections. When accessing LDAP servers over SSL connections, also ensure that the name in the LDAP Host field exactly matches the host name on the LDAP server's certificate.
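Added example (not part of the original release note and not FirePass code): a Python check of the value entered in the LDAP Host field against the names on the LDAP server's certificate, which is the match CR29007 asks you to ensure. The sample certificate, its host names, and the function names are constructed for illustration; the comparison ignores case and a trailing dot, and wildcard names are not expanded.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the host names are made up for this example.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "ldap01.corp.example"),)),
    "subjectAltName": (("DNS", "ldap01.corp.example"),
                       ("DNS", "ldap.corp.example")),
}


def cert_host_names(cert):
    """Collect DNS subjectAltName entries plus the subject commonName."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [v for key, v in rdn if key == "commonName"]
    # Normalise case and a trailing dot; keep order, drop duplicates.
    seen = []
    for name in names:
        name = name.rstrip(".").lower()
        if name not in seen:
            seen.append(name)
    return seen


def check_ldap_host(configured_host, cert):
    """Return (ok, reason) for the value typed into the LDAP Host field."""
    host = configured_host.strip().rstrip(".").lower()
    names = cert_host_names(cert)
    if host in names:
        return True, "matches certificate name"
    try:
        ipaddress.ip_address(host)
        return False, "IP address configured; certificate names " + ", ".join(names)
    except ValueError:
        pass
    # A short name that is only the first label of a certificate name.
    fqdn = [n for n in names if n.split(".")[0] == host]
    if fqdn:
        return False, "short name configured; use " + fqdn[0]
    return False, "no match; certificate names " + ", ".join(names)
```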
The initial cluster synchronization delay has been reduced from 60 to 15 seconds (CR29076)
In a cluster, the elapsed time from startup to the first synchronization was shortened from 60 to 15 seconds. The subsequent, recurring synchronization interval remains fixed at 60 seconds.
HTML was sometimes visible on Application log content and downloads (CR29298)
We have corrected the logs, and they no longer display HTML.
Wrong status on reinstalled certificate (CR29341)
After a certificate was reinstalled, the Network Configuration screen still displayed its status as Fake or Expired. The certificate status is now updated correctly.
SSL VPN sessions with special characters in their names would not close (CR29368)
On Internet Explorer 5.x, an AppTunnel or SSL VPN session whose name contains a space or special character could not be closed using the "Close" button. Internet Explorer 6.x worked as expected. We have modified the FirePass server so that these sessions can now be closed correctly using the earlier browser releases.
Missing Routing parameters on Finalize screen (CR29402 and CR 29566)
Under the Server tab, Maintenance link, Network Configuration, two configurable routing parameters (Window size and Default Gateway) were not displayed for review on the Finalize screen. We have added these parameters to the Finalize screen.
Load monitor graphs were sometimes empty or non-existent (CR29446)
We have fixed a stack-overflow error in the database generation program that was responsible for this intermittent error.
Custom color used in Administrative Console (CR29476)
The custom color used by the end-user interface is no longer used in the Administrative Console, since sometimes it clashes with or obscures the standard vendor logo.
Low-voltage alarm threshold lowered (CR29477)
We lowered the voltage threshold that triggers a low-voltage alarm in the Health Monitor. The new versions of the motherboard use a lower level of power when they are in standby mode.
System name missing from emails (CR29478)
The system name was missing from support and status emails originating from the FirePass server. The name is now displayed correctly.
My Intranet sometimes failed on interactive sites containing forms (CR29479)
Some interactive web sites (for example, eTrade.com and citibank.com) displayed blank screens. A problem with form POSTs was found and fixed. These site pages now display correctly.
My Intranet always used a single set of base credentials (CR29485)
My Intranet always used one set of base credentials, resulting in failure of access when the user attempted to connect to other sites requiring different credentials. Now if additional authentication is needed for other sites, FirePass presents the logon/password screen.
Problem with replacing desktop certificates (CR29487)
Changing the server certificate used to represent a desktop system did not update the installed desktop systems. Now the desktop agent always uses the certificate on the server, so now it always obtains the current one.
Customers upgrading from 3.x could not add additional certificates (CR29488)
New certificates would overwrite the old ones. The upgrade now allows adding multiple certificates.
Problem with upgrading multiple installed certificates (CR29489)
If a 3.x customer used different certificates for the server and the desktop systems, they were incorrectly recorded during an upgrade to 4.0. The upgrade now records these certificates correctly.
i-Mode mini-browsers received a function call error message in MyDesktop Favorites (CR29492)
We have resolved this issue and i-Mode Favorites appear correctly.
On WML mini-browsers, attempting to return to MyNetwork from MyDesktop gave an error (CR29505)
This issue has been resolved and the return functions correctly.
Deleted static host names sometimes reappeared after the server was restarted (CR29509)
Static host names now can be removed permanently.
Error in email Guest Access invitation (CR29519)
The automatic email invitation for Guest Access contained a malformed link. The link is now formed correctly.
Out-of-date User Guide (CR29520)
R4.0 included an out-of-date User Guide in the Administrative Console Desktop Download area. The guide and link were removed.
Incorrect network list in WAP/WML mini-browsers (CR29529)
In WAP/WML mini-browsers, sometimes the list of network computers was not correctly parsed and displayed. We have fixed the parser and display.
Passwords for X-Windows favorites not supplied (CR29555)
An X-Window favorite accessed directly from the desktop did not supply a "remembered" logon/password. We have corrected this issue.
New folders for corporate email accounts (CR29570)
This PTF includes an enhancement allowing MyE-mail users to add new folders to corporate IMAP/POP accounts.
Problem committing FQDN change (CR29571)
Attempting to commit a change to the fully-qualified domain name (FQDN) of the FirePass server gave an error. We have resolved this issue, and now you can finalize changes to the FQDN.
On mini-browsers, you could not see the folder favorites set by the administrator (CR29590)
The folders are now available.
HTTPS instance of the Apache web server occasionally stopped responding (CR29592)
Port 443 sometimes stopped responding, or responded only after a long delay. This issue has been addressed in this release.
Problem with public root folder display (CR29595)
In My E-mail, the public folders root on IMAP servers had no caption and the hierarchy was not correctly displayed. The root folder and hierarchy are now displayed correctly.
The X-11 Webifyer sometimes caused a hard lock (CR29596)
Sometimes the X-11 Webifyer malfunctioned, making the FirePass browser session window unavailable. We have resolved this issue.
AppTunnel - SSL VPN plugin running under Netscape did not work the first time (CP29624)
After its initial installation, the AppTunnels - SSL VPN plugin for Netscape/Mozilla browsers functioned incorrectly until the popup window was closed and reopened. Now it works correctly immediately after installation, without additional user intervention.
Using AppTunnels, assigning a shared resource to a local drive sometimes failed (CR29691)
If a host path was specified, the drive mount failed. We found and fixed a problem with the path name specification. You now can mount shared resources as virtual local drives by specifying the host path. In addition, we deleted an obsolete reference in the Help text describing an alternative method (patching the hosts file with the local IP address and name). This technique for specifying a local virtual drive is no longer available.
The following items are known issues in FirePass Release 4.0.1.
Some web pages cannot be parsed by MyIntranet (CRs 28664, 28678, 28801, 28806)
Occasionally a web page contains Java or HTML code that the FirePass server cannot parse. If you can identify the problem code, it may be possible to create a content preprocessing script to patch it.
If you already know what code is causing the problem, you may be able to create a string editor (sed) script to modify it. To apply a sed script, use Maintenance->Content Processing.
If not, please contact Technical Support. To assist Technical Support engineers in isolating the problem code,
Send the debug log to the support contact handling your report.
A pop-up dialer may appear if you are using SSL VPN (CR 29500)
If you browse to an external web site while using SSL VPN and Internet Explorer, and the external server generates a "page not found" (404) error, you may get a popup dialer window. The VPN dialer will fail. The solution is to open Internet Options->Connections in your browser, and either delete any out-of-date FirePass dialer or VPN connections, or simply select the Never dial a connection option on this page.
Missing sections in manual (CR29514)
Documentation for Cross-Site Scripting Security and for some new MyIntranet advanced Content Processing features is not included in the FirePass Server Administrator Guide. To use these features, consult the online help.
Invalid logon on unconfigured system gives error (CR29560)
If you enter an invalid administrator logon/password on an unconfigured FirePass, you will be directed to a default URL (www.mycompany.com) that does not exist, and you will get a "page not found" error.
Network Configuration tabs misbehave intermittently on a non-licensed FirePass (CR29564)
Some screen tabs do not appear dependably on an unlicensed controller. Restarting the session usually resolves this problem.
No ARP request on restart (CR29593)
FirePass servers do not automatically perform a gratuitous address resolution protocol (ARP) request when they are restarted.
Changes in Maintenance Console are not reflected in the manual (CR29670)
Chapter 2 of the FirePass Server Administrator Guide describes an option to perform basic network configuration using the Maintenance Console. The Maintenance Console has changed. However, you still can perform several important operations using the Management Console. See a list of the added capabilities in the New Features section of this Release Note, above.
Users of back levels of Sun Java Runtime Environment may experience problems with Low-level Maintenance (Telnet) access (CR29737)
If you use Internet Explorer and have installed older versions of the Sun Java Virtual Machine plug-in, you may experience problems with low-level (Telnet) access to the maintenance console from the web-based Administrative Console. If you use Version 1.4.0, you may get an error message: "The host is not responding." If you use Version 1.3.1, the page is not properly displayed. In either case, the recommended solution is to disable the Sun Java Virtual Machine. To do so, go to the Tools menu in Internet Explorer, and click on Internet Options > Advanced tab. Uncheck the Use Sun Java Virtual Machine... item and restart your browser. Alternatively, you may install a later version by going to www.java.com and downloading the plugin.