Modifying Firewall Settings for Servers
To view detailed information about the server's security settings and to modify them, enter 1 in the Opt column for that server on the Work with Server Security screen (STRFW > 1) (as shown in Setting Firewall Rules for Servers).
The Modify Server Security screen appears:
| Global *FYI* Mode Active Modify Server Security Server . . . . . . . . . . FTPCLN FTP Client-Outgoing Rqst Validation (*) Secure . . . . . . . . . . . . . . . . 2 1=Yes, 2=No Security level . . . . . . . . . . . . 1 1=Allow All 2=Reject All 3=User to Service 9=Full (User+Object) Filter Outgoing IP address . . . . . . 1 1=Yes, 2=No Global filtering is performed if Security level is 3 or higher. Check Free Style Rules to overrule . . 2 1=Yes, 2=No Information to log . . . . . . . . . . 4 1=None 2=Rejects only 4=All Allow Action to react . . . . . . . . 1 1=No, 2=Rejects only, 3=All Run Server-Specific User Exit Program. 1 1=Yes, 2=No, blank=Default See example in SMZ8/GRSOURCE FWAUT#A. Run in FYI Simulation mode . . . . . . 1 1=Yes, blank=Default F3=Exit F9=Object security F10=Logon Security F11=User security F12=Cancel |
The screen contains the following many of these fields, depending on which parameters are applicable for that server:
Server
A brief, system-determined name for the server, followed by a free-form text description. If the field ends in "(*)", you must restart the server or IPL the system if you change its Secure status in the next field.
Secure
Whether the server is secured via Firewall.
- 1: Yes
- 2: No
Security level
The level of security for the server. Possible values are:
- 1: All activity is allowed
- 2: All activity is rejected
- 3: Activity is checked based on the user. If you are using OS/400 Native Object Security, use this option to examine security based only on the user. If Native Object Security rejects the access, it remains rejected, even if user-based Firewall rules would accept it.
- 9: Activity is checked based on both the user and the object being accessed. For Logon-related exit points, logon limitation rules (as shown in Setting Additional Firewall Controls for Specific Servers) are active. Otherwise, user limitation rules (as shown in Setting Firewall Rules for Users and Groups) are active. If you are using OS/400 Native Object Security, using Firewall object security via this option may be redundant and have no effect.
Filter Outgoing IP address
Whether server is filtered based on an outgoing IP address.
- 1: Yes
- 2: No
Check Free Style Rules to overrule
Whether to check for relevant Free-Style Rules (as shown in Setting Free-Style Firewall Rules for Servers)
- Y: Yes
- [blank]: No
Information to Log
Whether activity is logged.
- 1: All
- 2: Rejected activity only
- 4: No
Allow Action to react
Whether iSecurity Action reacts to activity.
- 1: All
- 2: Rejected activity only
- 4: No
Run Server-Specific User Exit Program
Whether activity triggers a server-specific user exit program.
- 1: Yes (as shown in Setting User Exit Programs for Firewall)
- 2: No
- [blank]: default
Run in FYI Simulation mode
Whether the server is running in FYI mode (as shown in Running Firewall in FYI Simulation mode)
NOTE: The SSHD server does not support FYI mode.
- Y: Yes
- [blank]: default, based on whether Firewall as a whole is running in FYI mode