Modifying Firewall Settings for a Location Group

To modify Firewall settings for a location group, enter 1 in the Opt field for that group on the Work with Location Groups screen, shown in Setting Firewall Rules for Location Groups (STRFW > 3 > 6).

The Modify Location Group Security screen appears.

​                          ​   Modify Location Group Security​                           
                                                                                
​   Type choices, press Enter.​                                                       
                                                                                
​   Location Group  . . . . . .​   ​   %@FLOOR1  ​       ​   %@001-%@254, %@name​                 
​   Use the range %@001-%@254 for locations which are commonly used, or are used​     
​   in conjunction with other security rules such as Object Security.           ​     
                                                                                
​   Locations                ​                                                        
​   >​   1. IP                     ​                                                     
​    ​   2. IPv6                   ​                                                     
​   >​   3. Device Names           ​                  ​   SIGNON only​                         
                                                                                
​   Selection ===>​                ​    ​                                                   
                                                                                
​   Text  . . . . . . . . . . .​   ​                                                     
​   Ensure single IP usage  . .​   ​   N​                ​   Y=Yes, I=Interactive only, N=No​     
                                                                                
                                                                                
                                                                                
​   F3=Exit​          ​   F4=Prompt​                                        ​   F8=Print​         
​   F9=Object security​                  ​   F10=Logon security​            ​   F12=Cancel​       
​                                                                                  
                                                                                
​

The read-only Location Group field shows the name of the group.

Through the options in the Locations list, you can create specific filters for the group that can override the server's general settings. A close-arrow (">") before an item shows that its settings have already been changed from the default to a new value.

1. IP

To create filters based on IP addresses, type 1 in the Selection field and press Enter. The Work with User IP Validation screen appears, as shown in Adding a Firewall Rule for Outgoing Activity by IP Address.

2. IPv6

To create filters based on IPv6 addresses, type 2 in the Selection field and press Enter. The Work with User IPv6 Validation screen appears, as shown in Adding a Firewall Rule for Outgoing Activity by IPv6 Address.

3. Device name

To create filters based on SNA system names, type 3 in the Selection field and press Enter. The Work with Sign-On Device Validation screen appears, as shown in Adding a Firewall Rule for Incoming Activity by Remote System Names.

The fields below these control other aspects of user security:

Description

A free-form text description of the group.

Ensure single IP use

To limit the group to working from one IP address at a time, type Y. The group may have multiple sessions open at a time, but they must all be from the same IP address.

To limit the group's interactive sessions to one IP address at a time, type I. This does not affect the group's batch jobs.

To allow the group to work from multiple IP addresses simultaneously, type N.