GeNUGate 7.0 Release Notes Important â Backup! - GeNUA

GeNUGate 7.0 Release Notes 

Information on the GeNUGate 7.0 product family is available in these release notes. 

Please read this document carefully! You are advised to install this upgrade, as this release both resolves 

various problems, and provides new features. 

Important – Backup! 

We strongly recommend performing a configuration or preferably full backup of your GeNUGate system 

BEFORE upgrading. 

Detailed instructions on how to perform this upgrade are available in section 6 of these release notes. 

Important – Mirroring: 

The models GeNUGate 400, 600 and 800 are equipped with mirror disks. 

During the upgrade procedure, systems with mirror disks (offline mirror) will DEACTIVATE mirroring. 

This enables testing of the upgrade. 

Upgrading of systems with mirroring is performed as follows: 

• Upgrade system as described in section 6. The mirror update is automatically deactivated. 

• Test: It usually is sufficient to let the upgraded system run under normal conditions for a few days. 

• Reactivate mirror: After testing, delete the file /var/db/.NOMIRROR. This reactivates the automatic 

mirror update and synchronizes the mirror at the next cron job run (nightly at 2.05 a.m.). 

Important - Upgrade Test in Multi User Mode: 

Numerous registry data structures were changed in version 7.0. Section 5.2 describes how to run a 

“Test Upgrade”, generate a new registry and check for inconsistencies. 

If this test generates error messages, we recommend fixing the inconsistencies before the real upgrade. 

GENUGATE 7.0 RELEASE NOTES Page 1 of 16

CONTENTS 

Contents 

1 Release Note Contents 4 

2 New Features in GeNUGate 7.0 4 

2.1 IPv6 Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

2.1.1 Configuration of Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

2.1.2 DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

2.1.3 High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

2.2 New Connection Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

2.2.1 PFL Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

2.2.2 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

2.3 Improved Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

2.3.1 Acceleration of TCP, WWW and FTP Connections Without Content Analysis . . . 5 

2.3.2 Caching of Virus Scan Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 

2.3.3 Virus Scan of a RAM Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 

2.4 Remote Maintenance with GeNUCenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 

2.5 Authentication with Password Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 

2.6 SMTP AUTH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 

2.7 DNS Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 

2.8 PFL Remote Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 

2.8.1 Certificate Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 

2.8.2 New Logwatch Patternis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 

2.9 Usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 

3 Software Updates and Changes 8 

3.1 Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

3.2 VPN Option Deprecated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

3.3 Option High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

3.3.1 Manual Modification of the OSPF Configuration . . . . . . . . . . . . . . . . . . . . 8 

3.4 MIME Magic File Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

3.5 PFL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

3.5.1 Floppy Support Discontinued . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

3.5.2 Logging and Time Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

3.5.3 Internal Services: Active FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

3.6 SSH Key Generator Removed from the GUI . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

3.7 Compatibility Option Removed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

4 Overview: Versions with Update Support 10 

5 Before Upgrading 10 

5.1 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 

5.2 Test Upgrade in Multi User Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 

Page 2 of 16 GENUGATE 7.0 RELEASE NOTES

CONTENTS 

6 Upgrade Installation 11 

6.1 Upgrade Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

6.2 Data Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

6.3 Minimum Available Disk Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

6.4 Performing the Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

7 Information in the Web 16 

8 How to Contact Us 16 


2 NEW FEATURES IN GENUGATE 7.0 

1 Release Note Contents 

These release notes describe the changes, bugfixes and new features available by updating from 

GeNUGate 6.3 to the current version 7.0. The detailed product configuration is described in the GeNUGate 

7.0 manual. 

An electronic version of these release notes, the software itself, and the product manual are available 

at http://www.genua.de/index.en.html in the Internal Customers Area. Please mail us at auftrag@genua.de 

if you prefer us to send you a CD-ROM. 

2 New Features in GeNUGate 7.0 

2.1 IPv6 Support 

The major new feature in version 7.0 is support for Internet Protocol Version 6. On the ALG and PFL the 

network interfaces are automatically assigned link-local addresses, but both systems ignore IPv6 router 

advertisements and do not perform autoconfiguration. 

When entering IP addresses or host and network objects for the GeNUGate, the IPv4 or IPv6 address 

family is automatically detected. Depending on the host and network objects used, ALG and PFL rules 

are then either restricted to an IP version, or configured with both v4 and v6. Per default, IPv6 traffic will 

not be handled by the GeNUGate system if no IPv6 addresses and routes have been configured. 

2.1.1 Configuration of Rules 

As mentioned above, IPv4 and v6 will be automatically configured in new rules, depending on the source 

/ destination ACLs and transparency settings of the rule. 

To restrict destination transparent rules to IPv4 only, simply add exclusively IPv4 entries to at least one 

of the ACLs. To select any IPv4 address, specify the ACL “0.0.0.0/0” (or “::/0” for IPv6). 

All rules specifying a proxy address on the GeNUGate are automatically set to the protocol family of this 

proxy address. 

Further information is available in the product manual. 

2.1.2 DNS 

Once IPv6 routes are available, the GeNUGate DNS server will send queries via IPv6. If name resolution 

returns both IPv4 and IPv6 addresses, Squid and sendmail will preferentially connect to IPv6 addresses. 

Please keep this in mind when setting up an IPv6 default route. 

The reason for this is that DNS queries by GeNUGate ask for both IPv6 (“AAAA”) and IPv4 (“A”) records. 

If results from both families are returned for a hostname, address selection is based on the “Default Policy 

Table” from RFC 3484, thus preferring IPv6 communication. 

In the upcoming version of GeNUGate 7.1, configuration of IPv6 DNS entries will be possible in the GUI. 

2.1.3 High Availability 

As in IPv4 OSPF is used in IPv6 configurations to ensure the stability of HA setups. No additional 

GUI input fields are provided as the link-local addresses are used for OSPF communication. Only 



manually configured IPv6 and IPv4 addresses need to be entered in the menu field SYSTEM → HA → 

CONFIGURATION → HA ADDRESSES for all systems in the cluster. 

2.2 New Connection Features 

GeNUGate 6.3 already introduced the connection based configuration of ALG rules. Additional info is 

available in the GeNUGate product manual, section “2.4 Connections on the GeNUGate”. This concept 

was now extended to cover PFL and routing configuration as well. 

This also simplified the menu structure. Routing and PFL configuration are now performed in the GUI 

menu CONNECTIONS, with direct access to configuration objects, such as “Hosts & Networks”. 

2.2.1 PFL Rules 

The ALG configuration objects such as services, policies and networks now can be reused in PFL 

configuration. The policy type determines which IP protocols are permitted on the PFL. For example, 

a DNS policy would automatically impact TCP and UDP connections on the PFL. In addition, incoming 

source and destination ports from the service are reused for filtering on the PFL. 

Unlike the ALG, only two association types are permitted on the PFL: 

• Pass 

• Block 

These determine if the connection is permitted or not. 

Much as on the ALG, logging on the PFL is defined in the policy field “Logging”. Further filter options 

can be configured in the policy field “Options”. 

Additional information is available in the product manual. 

2.2.2 Routing 

In the same way as rules, routing tables access “Hosts & Networks”. Both object types may be selected 

as destination networks, while only hosts directly connected to the GeNUGate system may be gateways. 

Additional information is available in the product manual, section 4.9.1 “Routing”. 

2.3 Improved Performance 

2.3.1 Acceleration of TCP, WWW and FTP Connections Without Content Analysis 

Incoming TCP connections are terminated on the ALG, and new connections are initiated to the destination 

hosts. At the same time, ACLs and policy settings are checked, and new IP packets with new 

TCP headers are genereated, protecting the destination host’s IP and TCP stacks. 

As a new feature in GeNUGate 7.0 the data payload now is processed directly by the kernel, which is 

significantly faster. 

The same applies to FTP and WWW connections, if no content analysis (weeding or virus scan) is 

activated. The respective protocol is of course still checked. Reducing the number of context changes 

between kernel and userland processes improves the performance of many connections. 



2.3.2 Caching of Virus Scan Results 

In the default configuration, only initial downloads are scanned for viruses, and the SHA256 sum of the 

contents is cached to check for future downloads of the same file. If the file is subjected to multiple 

parallel scans, only the first one is performed. Subsequent scans have to wait, and use the cached 

checksum. 

Pattern updates and changes in the virus scanner configuration will invalidate the cache, and a full scan 

will be performed again. Please note that scan errors (e.g. due to low disk space) will not be cached. 

2.3.3 Virus Scan of a RAM Disk 

On systems with at least 16GB RAM, GeNUGate 7.0 creates a RAM disk to unpack and scan downloads 

in. The download itself is at first stored on the regular hard drive in /cage/vscan. If space on the RAM 

disk is insufficient, the virus scan is automatically repeated on the hard drive. 

Depending on file type and content, using a RAM disk speeds up scanning by a factor of up to 10. This 

feature also works with the virus scanner cache. 

2.4 Remote Maintenance with GeNUCenter 

GeNUGate 7.0 supports central management by GeNUCenter again. Further adjustments will be implemeted 

by the next GeNUCenter patch, and will be described in the respective readme. 

2.5 Authentication with Password Files 

In addition to previously available authentication methods, GeNUGate 7.0 now supports storing usernames 

and passwords in a file. For policies with authentication (such as FTP or SMTP), the “Authentication” 

menu provides the options “Password File” und “Path to Password File”. 

Further information on supported formats is available in the GeNUGate manual in the sections on the 

respective policies. 

2.6 SMTP AUTH 

The SMTP policy field “Authentication” can be used to require incoming mailservers to authenticate with 

a username and password, as defined in RFC 4954. The following methods are available: 

• PLAIN 

• CRAM-MD5 

The unencrypted “PLAIN” method can be restricted to TLS secured connections only by disabling the 

option “Insecure Authentication”. 

2.7 DNS Rules 

GeNUGate 7.0 introduces the new DNS policy type. Services using this policy are configured to directly 

access the TCP and UDP port 53. To save on resources, only one response packet per UDP query 

packet will be accepted. The connection will then close and free up system resources. 



The DNS relay option “Close After Last Reponse Packet” is available in the “Options” field of every UDP 

policy. 

2.8 PFL Remote Upgrade 

The new PFL operating mode “USB Remote Upgrade” was introduced, permitting full remote maintenance 

of the PFL without physical access. The kernel and the entire configuration can be exchanged 

while applyng patches. See “USB Remote-Administration”. 

The necessary PFL reboot to activate a new configuration or patches now kann be triggered in the GUI 

menu PACKET FILTER → BOOT MEDIA. 

Further information is available in the product manual section 4.6.3 “Packet Filter Hardware”. 

2.8.1 Certificate Chain 

Certificate management on GeNUGate 7.0 now supports certificate chains. WWW and TCP relays with 

the activated SSLify option now also transmit the root and intermediate certificates belonging to the 

server certificate used. A prerequisite is that these certificates were specified when generating proxy or 

server certificates. 

2.8.2 New Logwatch Patternis 

Two new patterns are available in the menu SYSTEM → SYSADMIN → SETTINGS → LOGWATCH. The 

first triggers alerts when possible ARP spoofing attacks are detected, the other in case of duplicate IP 

addresses. Both patterns can be applied to the ALG or the PFL by configuring the field “kern”-Log oder 

“screen”-Log. 

2.9 Usability 

A number of usability modifications now simplify GeNUGate operation. Some of the more important 

ones are: 

• Table sorting: Tables now can be sorted by any column, except for the display of ALG and PFL 

rules, as their sequence is important during processing. 

• Back links in configuration run: The display of saving and activating the configuration has been 

improved, and a link back to the previous higher level configuration page is available. 

• Boot from mirror disk: It previously depended on the RAID controller used in GeNUGate systems 

if booting from the mirror disk (e.g. in case of config or hard drive problems) was possible without 

manual intervention in the RAID BIOS. GeNUGate 7.0 now will always automatically boot from the 

mirror disk. 

The GUI and the command line will display warnings concerning the mirror disk. 

• GUI: username and fully qualified host name: The user logged in and the fully qualified host 

name of the GeNUGate are dispayed in the upper right hand corner of the GUI. 


3 SOFTWARE UPDATES AND CHANGES 

• PFL configuration update only requested when necessary: 

Detection of PFL configuration changes has been improved. A PFL update after configuration 

changed will now only be requested if it really affects the PFL. 

3 Software Updates and Changes 

3.1 Operating System 

• Patches included: GeNUGate 7.0 includes all changes and patches of version 6.3 up to and 

including patch 9. 

• Update to OpenBSD version 4.6: The operating system OpenBSD was completely updated to 

version 4.6. 

3.2 VPN Option Deprecated 

As announced with the GeNUGate 6.3 release, GeNUGate 7.0 has deprecated the VPN option. It no 

longer is possible to terminate VPN connections on the ALG. Any existing VPN configuration will be 

removed by the upgrade to version 7.0. 

VPN appliances located in a GeNUGate DMZ are not affected. Any existing VPN configuration will be 

removed by the upgrade to version 7.0. This is also the method we recommend for migration, for example 

with GeNUCrypts or GeNUScreens, which can be configured with the GeNUGate in the GeNUCenter. 

3.3 Option High Availability 

• Network interfaces: Starting with this version, HA setups require that all systems within a cluster 

have the same number of configured interfaces on ALG and PFL. 

• HA synchronization of PFL interfaces: 

After upgrade, the network interface and address mapping on the HA master must be completed 

for the PFL to ensure HA synchronization. This can be done in the menus SYSTEM → HA → 

CONFIGURATION → HA ADDRESSES or SYSTEM → PACKET FILTER → PFL ADDRESSES → HA 

INTERFACES. 

Thus, a copy of the entire cluster configuration is available on the HA master. 

3.3.1 Manual Modification of the OSPF Configuration 

Previously, modification of the OSPF settings was performed in the registry and via local configuration 

files. The syntax of address to interface allocations has changed in GeNUGate 7.0. 

For example, specific GeNUGate addresses could be exempted from the OSPF export. This registry 

setting now no longer applies to single addresses, but instead entire interfaces with all their addresses. 

In addition, these settings can also be made in the GUI menu SYSTEM → ALG INTERFACES. 

A local configuration file is needed to exempt single addresses from the export. Please contact GeNUA 

support for the correct pre-upgrade configuration syntax. 


3.4 MIME Magic File Update 

3 SOFTWARE UPDATES AND CHANGES 

Virus scanner policies permit configuration of whether files of a certain MIME type should be blocked in 

the “MIME-Type ACL”. This heuristic detection method also works on archives, as the original file first is 

unpacked. 

The MIME type pattern file for GeNUGate 7.0 was updated to include more types and improve detection. 

The commandline tool mime type can check individual files for their mime type. 

3.5 PFL 

3.5.1 Floppy Support Discontinued 

Due to the PFL IPv6 kernel’s size, support for floppy disk boot media was discontinued. Configuration 

and boot now are performed with USB sticks, which are still written and administered on the ALG. 

Any backups performed on floppy disk by the cfgbu command on the ALG need to be written to USB 

stick, as current hardware no longer has a floppy drive. 

3.5.2 Logging and Time Server 

It previously was possible to specify separate logging and time servers on the PFL. To standardize 

behaviour, GeNUGate 7.0 moves these configuration options from the PFL to ALG. The necessary rules 

are automatically generated. 

3.5.3 Internal Services: Active FTP 

Activation of the FTP “internal Service” in the PFL configuration is possible in different scenarios on 

GeNUGate 7.0. The automatic configuration update might not create enough rules to cover this. 

Therefore, please check the rules for active FTP in the PFL rules menu after upgrade. 

3.6 SSH Key Generator Removed from the GUI 

Previously, SSH keys could be generated in the “Remote Access” field in the user administration menu. 

This option has been discontinued in GeNUGate 7.0 and the keys will be deleted from the system during 

upgrade. 

Existing user remote access setups are not affected by this change, and the public key remains saved 

in the GeNUGate registry. 

3.7 Compatibility Option Removed 

The “compatibility option” provided a number of paths and symbolic links to files of earlier GeNUGate 

versions (pre-6.0). This option has been completely removed. 


5 BEFORE UPGRADING 

4 Overview: Versions with Update Support 

Patches and security updates are available for GeNUGate 7.0 and the following verions: 

• GeNUGate 6.0: 

This is the older CC EAL4+ certified version. Patches and security updates will be available until 

May 2011. 

• GeNUGate 6.2: 

Security updates for GeNUGate version 6.2 will be available until May 2011. 

• GeNUGate 6.3: This version has been certified at CC EAL4+ in September 2010 and thus replaces 

GeNUGate 6.0. It will remain in support until at least December 2012. 

As described in our contract conditions, software versions previous to GeNUGate 6.3 may not be fully 

supported, especially GeNUGate 6.1. Please upgrade older systems as soon as possible. 

5 Before Upgrading 

5.1 System 

• The upgrade to verson 7.0 is supported by any version 6.3 patch level. 

• At least 512MB RAM in the ALG, and 128 MB RAM in the PFL system are needed to run version 

7.0. 

• Sufficient hard drive space is needed on the ALG to perform the upgrade. The procedure to 

determine hard drive space is described in chapter 6.3. 

5.2 Test Upgrade in Multi User Mode 

A “test upgrade” of the GeNUGate system is recommended to detect and handle problems and inconsistencies. 

The procedure is as follows: 

• In normal multi user mode, insert the CD-ROM in the system’s drive. 

• Execute the command ggupgrade as the user root. 

The first thing the test upgrade does is to convert the registry and write the result to the human readable 

file /etc/configfw/fw.cfg.pretty-G700 000. 

The running system’s registry itself is not modified. Any occurring inconsistency will trigger error messages, 

and serious problems must be explicitly acknowledged. 

Please note the test upgrade cannot diagnose if there is sufficient hard drive space in older hardware. 

To determine needed space, follow the procedure described in chapter 6.3. 

After the registry test conversion, the command configfw is executed to check if configuration files are 

correctly generated from the converted data. 

Afterwards, normal systems operation can continue with the original, unconverted configuration, or the 

actual upgrade can be performed as described in chapter 6. 


6 UPGRADE INSTALLATION 

Please contact your service partner for further support. Detailed information is available in the files 

/var/gg/patches/G700 000.upgrade.log (registry upgrade) and 

/var/gg/patches/G700 000.configfw.log. 

6 Upgrade Installation 

6.1 Upgrade Path 

Beginning from version 6.3, GeNUGate systems can be upgraded to version 7.0. 

No specific patch level within version 6.3 is necessary. 

6.2 Data Backup 

The upgrade to GeNUGate 7.0 will not affect log files and e-mails in the system spool directory. 

Nevertheless, please back up your configuration before upgrade with: 

# cfgbu -s 

To back up log files and e-mails, a full system backup is necessary, as described in the product manual, 

chapter “Backup and Restore”. 

6.3 Minimum Available Disk Space 

Sufficient space in the partitions on the hard drive is needed for a successful upgrade. Above all, the 

partitions / and /usr need more than 50% available space. Enter the command df to determine file 

system usage: 

admin@ggd132:˜# df -h 

Filesystem Size Used Avail Capacity Mounted on 

/dev/wd0a 126M 40.8M 78.9M 34% / 

/dev/wd0f 1.5G 113M 1.3G 8% /cage 

mfs:6239 62.9M 2.0K 59.8M 0% /tmp 

/dev/wd0d 502M 238M 239M 50% /usr 

/dev/wd0e 251M 33.5M 205M 14% /var 

The column “Capacity” states the used percentage of the respective file system. 

6.4 Performing the Upgrade 

Please note: 

Physical access to the GeNUGate system itself, or to a connected serial console is necessary, 

as a CD-ROM and possibly a USB stick (or a floppy in older hardware) need to be inserted or 

switched. 

Insert the GeNUGate 7.0 CD-ROM in the drive, log on to the system as the user “admin”, and become 

“root” with the command su. 



admin@ggd132:˜# su - 

Password: 

Sep 18 08:06:33 ggd132 su: admin to root on /dev/console 

root@ggd132:˜# 

Enter the command ggupgrade to start the upgrade. 

root@ggd132:˜# /usr/local/gg/sbin/ggupgrade 

Executing upgrade script from cdrom. 

Starting /cdrom/usr/local/gg/sbin/ggupgrade ... 

Before the upgrade starts, the patches for the new release are 

transferred. This ensures your GeNUGate system will be running with 

the latest patchlevel immediately after upgrade. 

Get upgrade patch from cdrom ... 

Retrieving G700_000.tar 

The patches for the new version can be fetched from GeNUA over the 

Internet. 

Patches from GeNUA (yes no) [yes]? yes 

You can check for published patches before restarting the system by typing yes. 

At this point, you will be asked some questions for the installation. Simply enter [RETURN] here - the 

upgrade procedure will skip these questions and continue. 

Now a registry test upgrade and test run of configfw is performed to check for problems during the 

procedure. If any problems occur, please contact your service partner. 

Reboot the system now. 

root@ggd132:˜# reboot 

Sep 18 08:11:42 ggd132 reboot: rebooted by admin 

/etc/rc.shutdown in progress... 

IP is OFF 

/etc/rc.shutdown complete. 

Sep 18 08:11:45 ggd132 syslogd: exiting on signal 15 

syncing disks... done 

rebooting... 

Be sure the system boots from the inserted GeNUGate 7.0 CD-ROM by checking for the message 

CDBOOT 2.02 in the boot prompt. 

>> OpenBSD/i386 CDBOOT 2.02 

boot> 

booting cd0a:bsd.install: 4020108+930528 [52+215856+195731]=0x51d3d8 

entry point at 0x200120 

[ using 412012 bytes of bsd ELF symbol table ] 

Copyright (c) 1982, 1986, 1989, 1991, 1993 

The Regents of the University of California. All rights reserved. 

Copyright (c) 1995-2008 OpenBSD. All rights reserved. 

http://www.OpenBSD.org 

OpenBSD 4.6-stable (ALG.install) #0: Fri Oct 1 19:52:17 CEST 2010 

bluhm@g701.genua.de:/build/gg.70/70.D020/ALG.install 

cpu0: Dual Core AMD Opteron(tm) Processor 265 ("AuthenticAMD" 

686-class, 1024KB L2 cache) 1.80 GHz 

cpu0: 



FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 

... 

After loading the kernel, the GeNUGate 7.0 installation routine will prompt you for the installation language 

and keyboard mapping. Afterwards, please select the installation mode upgrade. 

GeNUGate Installation 

Sprache auswaehlen. 

Sprache/Language (de en) [de] ? en 

Select the layout of the keyboard connected to the GeNUGate. 

Keyboard layout (us de de.nodead ... pl hu si cf cf.nodead) [cf.nodead] ? 

us 

kbd: keyboard mapping set to us 

Probing system. 

Choose installation, upgrade or recovery from backup. 

Mode (install upgrade recover) [upgrade] ? upgrade 

The hard drives and file systems are checked, mounts performed and the upgrade is started. 

Mount hard disk. 

Select boot hard disk. 

Detecting hard drives in system. 

Boot hard disk selected. 

Unmount all partitions. 

Read in fstab. 

Check file systems. 

/dev/rwd0a: file system is clean; not checking 

/dev/rwd0f: file system is clean; not checking 

/dev/rwd0d: file system is clean; not checking 

/dev/rwd0e: file system is clean; not checking 

Mount all partitions. 

Remove flags. 

GeNUGate licenses. 

Initialize license. 

You are prompted for the GeNUGate license number and hardware serial number. The values from 

GeNUGate 6.3 still are valid. Press [RETURN] to accept them. 

Enter license. 

The value to be entered has the format 1234-GG-ABCD-EFGH-IJKL-MNOP. 

License [1234-GG-ABCD-EFGH-IJKL-MNOP] ? [RETURN] 

Enter serial number. 

The value to be entered has the format XXXXX-XX-XXXX. 

Serial number [12345-CD-89AB] ? [RETURN] 

You now can transfer patches from USB stick, an HA peer or over the network. 

Get patches from USB stick. 

Fetch patches from USB medium (yes no) [no] ? [RETURN] 



Get patches from HA peer. 

Fetch patches from HA network (yes no) [no] ? [RETURN] 

Get patches from GeNUA. 

Fetch patches from network (yes no) [no] ? [RETURN] 

Upgrade begins now. The new software is copied to the system and configuration starts. 

Begin upgrade. 

Copy upgrade patch from cdrom. 

Retrieving G700_000.tar 

... 

At the end of the upgrade, you are prompted to set new passwords for the administrative accounts 

“admin” and “root”. Alternatively, keep the existing passwords by pressing [RETURN] to select no. 

Set administrator passwords. 

Set passwords (yes no) [no] ? no 

The upgrade is done. Press [RETURN] to restart the system and remove the CD-ROM from the drive. 

Press to reboot, remove the cdrom after the ’rebooting...’ 

message. 

Reboot now (reboot) [reboot] ? [RETURN] 

The system now starts the new software. After the kernel has been loaded, you are prompted for 

the “root” password, as a bootinstall script needs to be run to upgrade the PFL (packet filter) system 

component. 

At least one bootinstall script was found. You can only run them as root. 

You will be askied for the root password now. If you do not know it, enter 

an empty string three times, and boot will continue without 

executing the bootinstall scripts. Enter your root password now. 

You have 60 seconds to authenticate! 

Enter root password! 

Password: 

Select the script with 1 und [RETURN]. Start the script by entering y. 

Select a list of bootinstall scripts by entering their numbers or by 

entering * to select all. 

================================================================ 

1) /var/gg/boot/bootinst..2010.10.02-15.12.02.exe 

Initialize packet filter disk 

Auswahl (1) []: 1 

1) /var/gg/boot/bootinst.2010.10.02-15.12.02.exe 

Initialize packet filter disk 

Is this ok? (y/n) [n]: y 

Insert the PFL floppy in the ALG drive, or insert the PFL USB stick in an available USB slot of the ALG, 

and rewrite the PFL medium. Follow the displayed instructions to restart the PFL. 

After restart, log on to the ALG. A banner will displayed with the new version number. 


login: admin 

Password: 

Last login: Mon Sep 10 15:05:02 on console 

Welcome to your GeNUGate Firewall System. 

This system is running GeNUGate Version 7.0 000 based on OpenBSD 4.6 

admin@ggd132:/var/home/admin$ 


Enter the command su to become “root”, and execute the command configfw. This is necessary to 

perform syntax checks of configuration files (the upgrade does not perform these checks): 

root@ggd132:˜# configfw 

zone file /cage/ALG_2_INTERN/etc/namedb/gg.de.db: new serial 

(2009081061)

8 HOW TO CONTACT US 

If the option GeNUScan is installed on your system, be sure to update the virus scanner! As root, 

execute the command getpatterns: 

root@ggd132:˜# getpatterns 

... 

Enjoy your new GeNUGate system! 

7 Information in the Web 

These release notes also are available on our Web server in the “Customer Service” area: 

http://www.genua.de/customer/index.en.html , 

“Internal Customers Area”. 

Further information is available in the “Internal Customers Area”, qqGeNUGate Support –> “Knowledge 

Base” (login required). 

8 How to Contact Us 

GeNUA Gesellschaft fuer Netzwerk– und Unix–Administration mbH 

Domagkstrasse 7, 85551 Kirchheim/Munich, 

Tel. +49 89 99 19 50-0, Fax. +49 89 99 19 50-999 

E-Mail: info@genua.de, WWW: http://www.genua.de/ 

© 2010 GeNUA mbH, Kirchheim, All rights reserved. GeNUGate and GeNUA are registered trade 

marks of GeNUA mbH.

GeNUGate 7.0 Release Notes Important â Backup! - GeNUA

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

GeNUGate 7.0 Release Notes Important â Backup! - GeNUA