© 2009 GTA, INC. CONFIDENTIAL & PROPRIETARY, NOT FOR DISTRIBUTION.
Course # 1210
Global Technology Associates, Inc.
What is GB-Ware?
▪ GB-Ware is GTA’s most flexible product offering. It is a total gateway perimeter solution that can be installed on hardware of your choosing.
▪ GB-Ware can be installed on both hard disks and compact flash cards and supports virtualized environments.
▪ Powered by GB-OS; comes in 10-user to unrestricted-user licenses.
▪ Optional features include:
  ▪ Multiple interfaces (up to 20 physical interfaces)
  ▪ Email Proxy Anti-Spam
  ▪ Email Proxy Anti-Virus with Support or Maintenance Contract
  ▪ Web Content Filtering
  ▪ Additional Mobile Client Licenses (IPSec/PPTP/L2TP and SSL)
  ▪ High Availability
GB-Ware Hardware
✓ Hardware independent
  ✓ Administrators can choose their own hardware
  ✓ Easy to move to a new platform in the event of hardware failure
  ✓ No worries about hardware no longer being supported or out of warranty
✓ Installs on:
  ✓ Hard drive
    ✓ IDE
    ✓ SATA
  ✓ SD Cards [v6.2]
  ✓ MicroSATA [v6.2]
✓ Supports virtualization
  ✓ Citrix XenServer
  ✓ VMware
  ✓ VirtualBox
✓ High Availability
✓ Install 32 or 64 bit GB-OS
✓ Online licensing allows easy license transfers to new hardware without contacting GTA to release licenses
✓ Purchase download-only version, “No shipping costs!”
✓ Full-feature, time-limited demonstration product available
GB-Ware Hardware
▪ Basic hardware information can be found at http://www.gta.com/tech/hardware/
▪ Each update of GB-OS usually includes updated NIC drivers.
▪ The current GB-Ware OS is based on FreeBSD 9; the listed drivers can be found at http://www.freebsd.org/releases/9.0R/hardware.html#ETHERNET
▪ The next major release will be based on FreeBSD 10.
▪ If the firewall does not have the minimum memory for its type, it reports this as a warning. The warning only indicates that you may not get all concurrent connections and available Top reports.
▪ AES-NI support, if your hardware supports it
  ▪ Onboard AES encryption acceleration
  ▪ V6.1.1
GB-Ware Feature Comparison
Users – Interfaces – Connections
Product                 Users          Standard interfaces   Optional interfaces   Connections
GB-Ware User Limited    10             2                     PSN                   2,000
GB-Ware User Limited    25             2                     PSN                   5,000
GB-Ware User Limited    50             2                     PSN                   10,000
GB-Ware Unrestricted    Unrestricted   3                     Up to 20              128,000
GB-Ware Enterprise      Unrestricted   4                     Up to 20              Memory dependent
Numbers of users, connections and interfaces are based on GB-OS v6.1.
GB-Ware Reports by Type & Memory
Based on current release v6.1X and later.
Virtualized GB-Ware
▪ GTA actively supports
  ▪ Citrix XenServer
  ▪ VMware
  ▪ VirtualBox
▪ For VMware we recommend 3.0 or above
▪ For XenServer we recommend 5.0 or above
▪ GB-Ware will also run on
  ▪ Parallels
  ▪ VM Player
  ▪ Hyper-V
    ▪ Only supports Legacy Adapters
    ▪ Which means you will only get 10/100 Mbps Ethernet NICs.
Why use a Virtual Firewall
▪ Fully utilize hardware
▪ Save rack space
▪ Power consumption
▪ Alleviate hardware compatibility and NIC issues
▪ Sales demonstrations
▪ Testing configurations
Virtualized GB-Ware
▪ To run GB-Ware on virtual hosts, launch your virtual machine manager and follow the steps for a new installation.
▪ Insert the GB-Ware installation CD or select the ISO image of the CD to launch the install process.
1. Specify the memory requirements
  ▪ GB-Ware User Limited: 512 MB RAM
  ▪ GB-Ware Unrestricted: 1 GB RAM
  ▪ GB-Ware Enterprise: 2 GB RAM
2. Specify the disk space requirements (GTA recommends 2 to 4 GB).
3. Next, add virtual NICs (GTA recommends at least 2). Once the computer finishes booting, switch to the console view.
4. You will see the About GB-OS Runtime Installer screen. Follow the normal installation instructions.
VMWare
▪ GTA recommends using the E1000 Adapter
▪ VMWare & High Availability
  ▪ Must use same priority
  ▪ VMWare will block some packets in HA state transition.
Installation Demo
▪ Do the demo now!
License Methods
▪ Online Licenses – uses GTA license server.
  ▪ 10 Nodes
  ▪ 25 Nodes
  ▪ 50 Nodes
  ▪ Unrestricted Nodes
▪ Legacy – [Still Supported]
  ▪ Key Block – No longer provided
    ▪ USB
    ▪ Parallel Port
  ▪ MAC Address – No longer provided
New GB-Ware Codes
Has to be registered in the GTA Support Center to retrieve activation codes.
Activation Codes
Codes Require online activation
Codes Require Key Block
Versions License
▪ Each GB-OS version requires a license key.
▪ In the above, the firewall is licensed for v6.1 and v6.2.
▪ If your firewall does not have the codes for its current version, the system will be unlicensed.
Online Licensing
▪ Uses online licensing
▪ Requirements for online licensing
  ▪ DNS configured
  ▪ Allowed connection to als.gta.com using SSL
▪ Older systems may transfer to online licenses.
▪ Once a firewall is licensed:
  ▪ The firewall will stay licensed for up to 72 hours (v5.3.0 and below), and
  ▪ Up to 120 hours for v5.3.1 – 6.1.3 with loss of access to als.gta.com or complete loss of Internet access.
  ▪ V6.1.4 – Will stay licensed for up to 15 days.
  ▪ On recovery of access the server will automatically license itself.
▪ Not suitable for firewalls with no Internet access.
Resetting or Transferring GB-Ware Licenses
▪ Only one firewall may hold the licenses for any GB-Ware installation. Any additional firewalls will need a separate serial number and licenses. However, a firewall administrator may transfer licenses from existing firewalls to new firewalls. These new firewalls may be on dedicated hardware or on virtual appliances.
▪ Once your new firewall platform is ready you will need to shut down the old firewall. Failure to shut down the old firewall may result in the original firewall assuming the licenses token again before your new firewall can acquire the licenses.
▪ To reset or transfer licenses, go to the GTA Online Support Center and log in: https://www.gta.com/support/center/login
▪ Important: Internet access to https://www.gta.com/support/center/login/ is required to reset the GB-Ware Licenses token.
Resetting or Transferring GB-Ware Licenses
Once logged in to the GTA Support Center, navigate to View Registered Products. If the firewall serial number does not display, enter it in the search field and click Search. If the search does not return the serial number, confirm you are logged in to the correct account and the firewall has been registered.
Resetting or Transferring GB-Ware Licenses
▪ Once you see your firewall serial number, click on it. This will bring you to the product details screen. For firewalls that use online activation and are active, a reset-token link will be displayed.
▪ Click on the “Reset Licenses Token” link. This will reset the licenses for the firewall. The Licenses Token will display as below.
▪ This indicates the license has been freed. You may now boot your new firewall or wait until it checks for its licenses. Once a license is retrieved by the firewall, the link will revert to the Reset Licenses Token link.
When Should I reset my Licenses token?
▪ When re-installing on new hardware and you are ready to bring the new hardware live.
▪ When performing a runtime switch to a previous version
▪ V6.1.4 and above – GB-Ware with Online License can release its own token.
  ▪ Web Interface – [Monitor -> Tools -> Shutdown]
    ▪ Option will release token for another firewall and halt the firewall.
  ▪ Console – Tools -> Shutdown -> Release Licenses
GB-Ware Options - [Configuration -> Runtime -> Options]
▪ Runtime Slice
  ▪ Same as all other products
▪ Console Mode
  ▪ Video – requires monitor
  ▪ Serial – requires serial port and standard DB9 to DB9 file transfer cable or terminal.
▪ Advanced
  ▪ Update MBR – Changes master boot record from video to serial, or from serial to video.
GB-Ware Serial numbers
▪ 12###### - Stand-alone unit, not an upgrade of a previous system.
▪ 121##### - Upgrade of an old GB Pro (11#) or GB-Flash (41#).
▪ 125##### - GB-Ware Enterprise
Upgrading GB-Pro and GB-Flash to GB-Ware
▪ The firewall administrator has to log in to the support center and click on the old firewall serial number.
▪ The link “Upgrade to GB-Ware” will display.
▪ Clicking on the link displays a form to enter the GB-Ware serial number and installation code.
▪ Clicking submit will remove the upgraded product and replace it with the new GB-Ware.
FAQ
▪ Question 1 – The firewall is not picking up the new licenses.
  ▪ Answer 1 – Confirm the system can ping als.gta.com using Network Diagnostics - [Tools -> Network Diagnostics] Ping. If the firewall cannot ping als.gta.com, confirm the firewall has Internet access to als.gta.com using SSL (TCP port 443). If the firewall cannot resolve the name als.gta.com, confirm that DNS - [Services -> DNS] is configured properly and responding.
▪ Question 2 – Token becomes active in the support center and my firewall is still not licensed.
  ▪ Answer 2 – Confirm no other firewalls are using the same serial number and licenses. These firewalls may be acquiring the licenses before the new system.
▪ Question 3 – What does ALS mean when attached to the activation codes?
  ▪ Answer 3 – ALS indicates the firewall uses online activation.
▪ Question 4 – Can I move from Key Block activation to online activation?
  ▪ Answer 4 – Yes, GTA allows customers to transition to online activation. All new GB-Ware firewalls shipped use online activation. Contact [email protected] or your local GTA Channel Partner for details on moving to Online Activation.
▪ Bridge Mode and VMware – Interfaces on VMware must be set to promiscuous mode.
▪ Question 5 – If my firewall loses Internet connection or connection to the license servers, will it stop?
  ▪ Answer 5 – GB-Ware firewalls using online activation have a period of 72 hours (version 5.3.0 and below) or 120 hours (v5.3.1 and above) in which they will stay licensed if the firewall loses Internet access or access to the license servers. At the end of 72 or 120 hours the unit will change to a demonstration mode. Firewall administration is still available. However, connections are limited to two internal hosts outbound. Once connection to the license server is restored, the system will return to an active state automatically.
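The checks in Answer 1, staged so the first failing step is named, as an added example that is not GTA's code. It assumes it is run from an administrator workstation behind the firewall rather than from the firewall's own Network Diagnostics, and the helper name `check_license_path` is hypothetical.

```python
import socket
import ssl

LICENSE_HOST = "als.gta.com"  # licensing server named on the page
LICENSE_PORT = 443            # SSL over TCP port 443, per Answer 1


def check_license_path(host=LICENSE_HOST, port=LICENSE_PORT, timeout=5.0):
    """Hypothetical helper: return (stage, detail).

    stage is 'dns', 'tcp' or 'tls' for the first step that failed,
    or 'ok' when a verified TLS session was established.
    """
    # Step 1: name resolution (the "DNS configured" requirement).
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host}: {exc}"

    # Step 2: outbound TCP connection to each resolved address in turn.
    sock, last_error = None, None
    for *_, sockaddr in infos:
        try:
            sock = socket.create_connection(sockaddr[:2], timeout=timeout)
            break
        except OSError as exc:
            last_error = exc
    if sock is None:
        return "tcp", f"cannot connect to {host}:{port}: {last_error}"

    # Step 3: TLS handshake with certificate and hostname verification.
    context = ssl.create_default_context()
    try:
        with sock, context.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{tls.version()} session with {host}:{port}"
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return "tls", f"TLS handshake with {host}:{port} failed: {exc}"


if __name__ == "__main__":
    stage, detail = check_license_path()
    print(f"{stage}: {detail}")
```

A `tcp` result with working DNS points at a policy or upstream filter blocking outbound port 443; a successful ping does not rule that out, because ICMP and TCP 443 are filtered independently.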
Trouble Shooting
Hardware does not support 64 bit GB-OS: Console Message –
Booting [/boot/kernel/kernel]... CPU doesn't support x86-64
References
▪ GB-Ware Technical Specifications - http://www.gta.com/firewalls/gbwareTech/
▪ GB-Ware Data Sheets - https://www.gta.com/firewalls/gbware/
▪ GB-Ware Requirements - http://www.gta.com/tech/hardware/
▪ FreeBSD - http://www.freebsd.org/releases/9.0R/hardware.html#ETHERNET
▪ VMWare Promiscuous mode
  ▪ http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004099
  ▪ http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1002934
  ▪ http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1004099
▪ Support Email: [email protected]
▪ Support Phone: 1.407.482.6925
▪ Sales Email: [email protected]
▪ Sales Phone: 1.407.380.0220 or 1.800.775.4482
▪ Normal Hours: 0830-1900 EST U.S.
▪ Free User Support:
  ▪ http://forum.gta.com
  ▪ Mailing List: [email protected]
▪ Facebook: https://www.facebook.com/GTAFirewalls
▪ Twitter: @gtafirewalls
▪ GTA Partners: https://www.gta.com/sales/locatorWorld/