Search
Close this search box.

iSecurity Firewall Release News

Version 19.06 (November 2024)

Improvements

  • Improved performance for DBOPEN access across several areas within Firewall.
  • Unnecessary I/Os have been removed or relocated to only where absolutely necessary.
  • Enhanced the SQL parser program for better efficiency.
  • Improved the rule wizards for more efficient rule creation.
  • On the Users and Groups screen, selecting option “7” in front of a user/group now shows all appearances within the rules.
  • Improved handling of users that belong to more than one %group.
  • In RECALC mode, DSPFWLOG now highlights log entries of non-RECALC supporting servers instead of showing them in red.

Version 19.05 (August 2024)

New Features

  • With (STRFW > 3 > 3) it is possible to copy a user, group profile, or firewall group within the Firewall to another user/group profile/firewall user. This function is allowed to choose whether to keep or replace the existing definitions for the “to user”.

Improvements

  • If the Firewall and Anti-Ransomware are active, the Server in the Firewall no longer shows Secure = “Other.” Instead, you see “Y+ATP,” which indicates that in addition to the Firewall, anti-ransomware is also active.
  • It used to be possible to specify a library name with an asterisk at the end (e.g. TEST*), but that was not working. Now, using an asterisk at the end is not valid. Instead, you can use (STRFW > 4 > 61) to add different libraries – both specific and generic. These are all handled using a so-called policy library. For example, libraries like ABC, XYZ, and TEST* are handled in rules with the library PRODLIB, even if no library with this name exists.
  • Users can now access their libraries using (STRFW > 81 > 3). This means that a user with the name “AUDE” can have full access to the library “AUDE” without needing a specific native rule. Similarly, user “AUDE” can have full access to /home/AUDE and can also be granted access to /CHGUSR/AUDE using a prefix without needing IFS rules.
  • Users with special handling (e.g. FYI mode or Allow All for native and/or IFS) are now indicated in blue color in (STRFW > 3 > 1). This makes it easier to identify special configurations without having to delve deeper.

Fixes

  • In the previous version, some SQL calls in the programs were skipped, but this has been fixed.
  • Some objects with @ in the object names caused issues in various languages, so the @ was replaced with 8 to prevent future problems.

Version 19.04 (May 2024)

Improvements

  • Handling incomplete IP addresses.
  • Rules on IFS file system were enhanced.
  • Rule wizards option grouping ALLUSRG shows all %groups for a user.

Fixes

  • I/O operation on closed file GSUSERP.
  • Frequently appearing license error message at exactly 00:00:00 o’clock was removed.
  • On RECALC, object creation could show that access was rejected when it was actually allowed.

Version 19.03 (April 2024)

New Features

  • Option 7 in Work with User Security (STRFW > 3 > 1) to see all rules for a user.
  • On the Setting DB-OPEN and SQL screen (STRFW > 1 > 2), you can pre-select files for processing by pressing the F8 key. This opens the Pre-Select Files for DB-OPEN screen, which you can also reach at STRFW > 4 > 1.
  • The SIEM interface parser now uses -QUOTE or -DBLQUOTE to pack values in quotes. The special characters = * (and) that SPLUNK had misinterpreted are now changed to underscores “_”.
  • Firewall SYSLOG (SIEM) uses the standard “outcome=” field name with “failure” or “accepted” for rejected or allowed events. If the product was in simulation mode, the notation *FYI (For Your Information) follows.
  • Firewall SYSLOG (SIEM) now reports the firewall event numeric code in a similar way to the audit type in Audit
  • User Wizard:
    • For each user, show whether it is a user or group profile
    • Option to hide access through servers that are allowed on a higher level (Skip Allow All).
    • In Option 3, combine currend and userd lines into a single rule.
    • In Options 8 and 9, users can be added easily to %groups or Group Profiles.
    • Options G & P can show the %groups or Group Profiles to which a user belongs.
  • Visualizer was extended to support IFS file names in addition to Native objects. It also allows improved drilling down to the log related to IFS objects.
  • The Replace Firewall User (RPLFWUSR) which is capable of finding or removing user references, has been enhanced. It can now display results on the screen as well as check if there are any references. The scope to check can either be *ALL, or *REFERRED. The *ALL checks also if the user is specified as a separate entity.  
  • A “where used” option is added to the Work with User Security (STRFW > 3 > 1). It shows where the user/group is referred to within other parts of Firewall.
  • Configuration of Rule Wizards now allows you to change the command defaults for parameters (STRFW > 81 > 1). Changing the defaults enable more convenience.
  • Work with User Security (STRFW > 3 > 1) now shows where the user/group is used.

Improvements

  • Various elements in Rule wizards.
  • Command default in STRFW > 81 > 1 for rule wizards.

Fixes

  • A problem in reorganizing an empty statistical file for Visualizer.
  • Updating the GSPLWD file for big customers could cause an overflow.
  • A problem with IFS Create log entries on RECALC.
  • Issues with the configuration files that could have prevented SSHD/SFTP/FTP were removed.
  • A problem with DSPFWLOG and Socket plus false MFA.
  • Several accesses on the DBOPEN server had caused rejects on the FWIPA level.
  • The issues that caused from time-to-time MCH3601 when SuperSpeed was set to Yes, has been removed. IBM confirmed that this is due to repetitive usage of some prestart jobs. Firewall now enables under all circumstances the SuperSpeed. Super Speed improves performance be reducing the number of full OPENs. Starting with this release is automatically adjust its activity to prevent error of type MCH3601.  Note that when SuperSpeed is set to Yes, setting MAXUSE(1) to some prestart jobs can farther improve the performance.
  • Display Suspend/Resume status (STRFW > 1 > 25) shows the most recent SUSPEND/RESUME operation and its time.
  • Empty report emails are now sent properly, with a subject containing the string “NO-DATA”.

Version 18.42 (October 2023)

New Features

  • An option to check whether a connection is running under SSL This makes it easier to detect devices that have to be changed using SSL.
  • At the object level, we can now ignore group profiles and check only single user profiles and the %firewall group. This makes it easier when a user profile acts as a group profile, but is also in use for running tasks.

Version 18.38 (May 2023)

Improvements

  • In the user wizard. “<Done>” replaced with “<Used>”   The <Used> Y  value is now marked in blue if it differs from the corresponding <Current> value
  • The number of Multi system queries of systems was enhanced from 30 to 100.

Fixes

  • A problem in PC Application Security *APP that did not log.
  • When scrolling through many firewall log entries, the restriction of subfiles caused a problem when scrolling back to the top. We added F17 to jump to the top.

Version 18.37 (February 2023)

Improvements

  • Cumulative PTFs for MFA and SSL
  • Performance with DBOPEN, SQL and RMTSRV.

Fixes

  • A problem in DSPFWLOG RECALC that created dumps.
  • The DSPFWUSRA command had ignored the user profile.

Version 18.36 (October 2022)

New Features

  • Added: Functions for MFA.
  • Added: The IFS wizard now supports passing long directory names to DSPFWLO.

Improvements

  • In SRFW > 18 > 2, you can specify whether the log indicates whether SSL was used in a connection.
  • FILSVR performance, by implementing user spaces. The first version had created problems in recreation. This prevents a recreation of User Space. This also removed the CPC2206 from the joblog.
  • Optimized speed for suspend.
  • Creation of %Firewall groups. When creating a user group %Name, the cursor always points to the % sign in the group name, not to the option field to select 1 for Server.
  • SQL – Parser was improved
  • In user management, “Select-User enabled” was changed to “Select-User disabled”.

Fixes

  • In Firewall query, MCH3601 program AUPQRYR had been called from program DSPS1DFN with the wrong number of parameters.

Version 18.33 (June 2022)

Improvements

  • The order in which scheduled reports can be run has changed.
  • New Product MFA added to SMZ8 library

Version 18.26 (October 2020)

New Features

  • New main menu item: 15. Incoming/Outgoing Socket Connections
  • Database Statistics function was added as DBSTT standard server STRFW > 1 > 1 Database Statistics function was added as the DBSTT standard server to the standard activation / de-activation system. It now supports also adding Action and User Exit Programs. As such this function is automatically started after IPL.
  • Real-Time Alert and SIEM Capabilities when important definitions are changed STRFW > 82 Option “78.  Real-Time Alert on definition chg” now support the full AP-Journal capabilities to alert in real-time by Email, SIEM etc., when important definitions are changed.
  • In Rule Wizards:
    • For Native Objects (STRFW > 45 > 1 > 5): New option S=Skip, to check and allow without logging

    • For Native and IFS Objects (STRFW > 45 > 1 > 5 or 6): New option: E=CHGUSRPRF

Improvements

  • User’s Wizard STRFW > 45. Rule Wizards, 4. Users – A new column was added to tell whether the user profile exists in the system or not. The Subset was enhanced to include this column.
  • Enhancement: Server (local) Port added to Telnet information Query and Logs now report this added field
  • Menu Option Relocated STRFW – Option “83. Central Administration” was excluded from the Firewall Main Menu. All its options are covered in “89. Base Support” and in “82. Maintenance Menu”