Firewall Micro-Segmentation

Micro-Segmentation divides a network into smaller sub-networks with firewalls between them. This can prevent attacks and other issues from spreading within networks, much as Firewall protects the networks as a whole from issues coming in from outside. iSecurity Firewall implements it in collaboration with external vendors.

To work with Firewall Micro-Segmentation, enter STRFWMS on the command line. The Firewall Micro-Segmentation screen appears:

 MSFWMMN                  Firewall Micro-Segmentation            iSecurity

 System: RLDEV
 Activation                             Analysis
  1. Server Settings                    41. Log, Queries, What-if
  5. Set Global *FYI (Simulation)       42. Servers Activity Statistics
  6. Set Emergency Reaction             46. Test Security Rules

 Definitions                            Activation
 11. Incoming Connection Rules          51. Activate ZFIREWALL Subsystem
 12. Outgoing Connection Rules          52. De-activate ZFIREWALL Subsystem
                                        55. Work with Subsystem Jobs
 15. IP-Group Definitions               58. Suspend Firewall (before upgrade)
                                        59. Resume Firewall (after upgrade)
 Collaboration with External Software
 21. Import Definitions                 Maintenance
 25. Export Definitions                 81. System Configuration
 29. Check Activity                     82. Maintenance Menu
                                        89. Base Support
 Selection or command
 ===>

 F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel
 F13=Information Assistant  F16=System main menu

Most of these items connect to screens within the larger Firewall product, with settings focused on Micro-Segmentation.

The menu items lead to the following screens:

Activation

1. Server Settings

Work with Server Security as shown in Setting Firewall Rules by Server. (Only the Socket Exit Points are relevant.)

5. Set Global *FYI (Simulation)

Firewall *FYI* Simulation Mode as shown in Setting Firewall Rules for Servers.

6. Set Emergency Reaction

Firewall Emergency Override as shown in Overriding Firewall Settings in Emergencies.

 

Definitions

11. Incoming Connection Rules

Work with Incoming Connection Rules as shown in Setting Firewall Rules for Incoming Socket Connections.

12. Outgoing Connection Rules

Work with Outgoing Connection Rules as shown in Setting Firewall Rules for Outgoing Socket Connections.

15. IP-Group Definitions

Work with IP-Groups as shown in Defining IP-Groups for Socket Connections.

 

Collaboration with External Software

21. Import Definitions

Micro-Segmentation Rules dialog, depending on the external vendor's software.

25. Export Definitions

Micro-Segmentation Rules dialog, depending on the external vendor's software.

29. Check Activity

Check Firewall Micro-Segmentation Activity, depending on the external vendor's software.

 

Analysis

41. Log, Queries, What-if

Socket Reports - Activity. This displays the activity log based on recent events or the activity type, reruns the log based on current rules, or opens a Query Wizard for further analysis.

42. Servers Activity Statistics

Display User Activity (DSPFWUSRA) as shown in Displaying Firewall Activity by Server.

46. Test Security Rules

Check Firewall Security (CHKFWSEC). This checks server functions based on the Local/incoming, Bound, or Remote/destination ports or IPV4/IPV6 addresses.

 

Activation

51. Activate ZFIREWALL Subsystem

Start Subsystem (STRSBS) as shown in Suspending or De-activating Firewall.

52. De-activate ZFIREWALL Subsystem

End Subsystem (ENDSBS) as shown in Suspending or De-activating Firewall.

55. Work with Subsystem Jobs

The IBM Work with Subsystem Jobs screen, showing jobs using the ZFIREWALL subsystem.

58. Suspend Firewall (before upgrade)

Set Firewall Security (SETFWSEC) as shown in Suspending or De-activating Firewall.

59. Resume Firewall (after upgrade)

Set Firewall Security (SETFWSEC) as shown in Suspending or De-activating Firewall.

 

Maintenance

81. System Configuration

iSecurity (part I) Global Parameters as shown in Configuring Firewall.

82. Maintenance Menu

Maintenance Menu as shown in the iSecurity Installation and Base Support manual.

89. Base Support

BASE Support as shown in the iSecurity Installation and Base Support manual.