Release Notes: This release fixes Netscreen group name translation bugs. Empty groups are not matched in build_rules subs. Comments are output in 'set name' statements in policy id mode for Netscreen rulebases. Netscreen rule 'name' strings are added with rule descriptions, and net ranges are translated as ranges. Some default services have been updated with a few new service definitions. 'rr' mode 'nat' defaults have been added, the same as 'yes' defaults with CIDR filter NAT translations switched on.
Release Notes: This release fixes rulebase output bugs when using the 'cl' option in 'rr' mode. Netscreen rulebase numbers now output usable rule numbers in 'cl' rulebases. The ctrl-c panic when reading logs is fixed. 'rr' mode 'log' defaults now switch off 'Any' rule to object and service object resolution. New 'rr' mode 'res' defaults now switch on most resolution and matching options.
Release Notes: This release permits you to choose the types of rules and which rule actions to include in the rule rationalization mode. Rule types can be chosen for both the 'merge from' and 'filter' rulebases. The 'rr' mode rule unwrap code has been optimized.
Release Notes: This release corrects MIP interface NAT ANY service name and adds nat dst ip statements to NAT tables so that NAT translated addresses from policies can be filtered against in rr mode CIDR filters. This release also correctly reads disabled rules in Netscreen and adds further checks to the rr mode rulebase builders. The Netscreen reader now reads tunnel VPN rules, and these can be used to filter out encrypted traffic in rr mode.
Release Notes: This release adds 'end.' comments to rr mode "enter search INC EX string" instructions as well as the 'exit' menu option and attempts to resolve a looping issue when using Ctrl-C in the Gnome terminal. This release begins the process of automatically resolving Netscreen MIP(ipaddr) objects from interface mip statements and adds them to the NAT tables. This release also resolves issues with incorrect protocol definitions (used when merging between Checkpoint and Netscreen) and reports these. Unknown rule types are now skipped and reported, e.g. Netscreen tunnel rules.
Release Notes: This release further updates the Cisco policy writer, resolves issues with service groups in access lists, and fixes a few Cisco reader bugs which printed undefined warnings.
Release Notes: This release adds further updates to dbedit output. od mode now outputs object and service groups, and dbedit output is also now printed straight to a file for easy "dbedit -f filename" use.
Release Notes: This release adds object output to dbedit text in od mode, and NOTE: statements to the policy reader sections. net and service_builder subs now catch and report circular groups and sub groups. Many bugs have been fixed in Cisco object, group, and rule readers and writers. The proto port and toZone fromZone divider character has been changed from . to ~ .
Release Notes: This release simply removes one or two Checkpoint FW-1 defaults. These defaults caused some rulebase builds in Checkpoint FW-1 r75.10 to fail (namely, rulebases using TCP port 8080, which is fairly common). This version has been tested and used successfully with FW-1 r75.10.