Adding Firewall Settings for a Location Group

To add Firewall settings for a location group, press the F6 key in the Work with Location Groups screen, shown in Setting Firewall Rules for Location Groups (STRFW > 3 > 6).

The Add Location Group Security screen appears.

​                          ​  Add Location Group Security​                                                                                                              ​  Type choices, press Enter.​                                                                                                                                        ​  Location Group  . . . . . .​  ​   ​      ​  %@001-%@254, %@name​                 ​  Use the range %@001-%@254 for locations which are commonly used, or are used​     ​  in conjunction with other security rules such as Object Security.           ​                                                                                      ​  Locations                ​                                                        ​   ​  1. IP                     ​                                                     ​   ​  2. IPv6                   ​                                                     ​   ​  3. Device Names           ​                 ​  SIGNON only​                                                                                                          ​  Selection ===>​               ​   ​                                                                                                                                    ​  Text  . . . . . . . . . . .​  ​                                                     ​  Ensure single IP usage  . .​  ​  N​               ​  Y=Yes, I=Interactive only, N=No​                                                                                                                                                                                                                                                        ​  F3=Exit​         ​  F4=Prompt​                                       ​          ​         ​  F9=Object security​                 ​  F10=Logon security​           ​  F12=Cancel​       ​                                                                                                                                                                   ​

Type the group's name in the Location Group field. To select a group from a list, press the F4 key. The group's name must consist of a percent sign ("%"), a number sign ("#"), and either a three-digit number from 001 to 254 (such as %@123) or the name of the location (such as %@CHICAGO).

Through the options in the Locations list, you can create specific filters for the group that can override the server's general settings. A close-arrow (">") before an item shows that its settings have already been changed from the default to a new value.

1. IP

To create filters based on IP addresses, type 1 in the Selection field and press Enter. The Work with User IP Validation screen appears, as shown in Adding a Firewall Rule for Outgoing Activity by IP Address.

2. IPv6

To create filters based on IPv6 addresses, type 2 in the Selection field and press Enter. The Work with User IPv6 Validation screen appears, as shown in Adding a Firewall Rule for Outgoing Activity by IPv6 Address.

3. Device name

To create filters based on SNA system names, type 3 in the Selection field and press Enter. The Work with Sign-On Device Validation screen appears, as shown in Adding a Firewall Rule for Incoming Activity by Remote System Names.

The fields below these control other aspects of user security:

Description

A free-form text description of the group.

Ensure single IP use

To limit the group to working from one IP address at a time, type Y. The group may have multiple sessions open at a time, but they must all be from the same IP address.

To limit the group's interactive sessions to one IP address at a time, type I. This does not affect the group's batch jobs.

To allow the group to work from multiple IP addresses simultaneously, type N.