Securing PC Client Applications

Firewall can set security controls for specific PC applications that access your IBM i. When you connect an application for the first time, you are asked for an application name and a key which will identify the application in later connections.

To create security settings for PC applications that access your IBM i, select 18. PC Application Security from the Firewall Main Menu.

The Work with Client-Application Security screen appears.

                    ​  Work with Client-Application Security​                       
                                          ​
 Subset . . .​      ​  
Type options, press Enter. ​
                                                     
 ​
 1=Select    3=Copy    4=Delete​                                                 
                                                                               ​
 
 Opt Application         Active
     CREDIT#CARD         ​    Y​    Credit card handling                              ​  
     EVG2                ​    Y​    Test for EVG2                                     ​  
     SEND                ​    Y​                                                      ​  
     TEST1               ​    Y​                                                      ​  
     TEVG                ​    Y​                                                      ​  
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                  ​
                                                                        Bottom
 Client-Application Security is an alternative to user/object security.
 See manual for details.
 F3=Exit    F6=Add new    F8=Print    F12=Cancel                              ​   
                                                                                
                                                                                

The screen shows, for each application, a short name, a free-form text description, and whether Firewall protection for it is active.

To add security settings for an application, press the F6 key. The Add Client-Application Security screen appears:

                       ​ Add Client-Application Security​                         
                                                                                
 Type information, press Enter.                                                ​ 
                                                                                
 Application  . . . . . .​  JZAPP                                                
 Text . . . . . . . . . .​  Documentation Application                            
 Active . . . . . . . . .​  N              ​ Y=Yes, N=No, A=Administrators only ​  
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
 Setting the "Active" for an application controls the level of service that   ​  
 users can get from this application. While Active=N or Active=A, the product ​  
 will still identify the request as such which falls in the category of the   ​  
 application, but will recognize that the application cannot be used.         ​  
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
 F3=Exit               F12=Cancel​                                               
                                                                                
                                                                                

Enter information in the following fields:

Application

A unique name for the application.

Text

A free-form text description of the application.

Active

Who can run the application. Options are:

  • Y=Yes: Anyone can run the application.
  • N=No: No one can run the application.
  • A=Administrators only: Only administrators can run the application.

After entering this information, press Enter. A second Add Client-Application Security screen appears:

                       ​ Add Client-Application Security​                         
                                                                                
 Type information, press Enter.​                                                 
 Application  . . . . . .​  JZAPP               ​                                 
 Text . . . . . . . . . .​  Documentation Application                         ​   
 Active . . . . . . . . .​  N​              ​ Y=Yes, N=No, A=Administrators only ​  
                                                                                
                        ​
                           Servers  Cmd/
 General features          SQL      Pgm
 Activate . . . . . . . .  Y        Y      Y=Yes, N=No
 Specify which servers will used for the application. Note that Cmd/Pgm (Remote​ 
 command, Remote program call) will identify users only when the application   ​ 
 is identified by key.                                                         ​ 
                                                                                
 Authorize App by "user".​  *NOCHK         ​ Name, *APP, *USER, *NOCHK​            
 Specify a name which it's authority will be checked to verify the requests   ​  
 made by the client-application.                                              ​  
                                                                                
 Check dynamic IP filter.​  N              ​ Y=Yes, N=No​                          
 Verify that users are working from their allowed range of IPs.              ​   
                                                                                
                                                                                
 F3=Exit​  ​ F12=Cancel​                                                           
                                                                             ​  ​ 

This screen adds three fields of General features for the program:

Activate

Specifies the servers used for the application. It has two sub-fields:

Servers SQL

Use SQL servers

Cmd/Pgm

A remote command or remote program call. Users are only identified if the program supplies a key.

Authorize App by "user"

Specifies the user whose authority is checked for application access requests. The options are:

  • Name: A specific user name.
  • *APP: The name of the application.
  • *USER: The current user.
  • *NOCHK: Do not check.

Check dynamic IP filter

Verify that the access request is coming from an accepted IP address range.

After entering this information, press Enter. A third Add Client-Application Security screen appears:

                       ​ Add Client-Application Security​                         
                                                                                
 Type information, press Enter.​                                                 
 Application  . . . . . .​  JZAPP               ​                                 
 Text . . . . . . . . . .​  Documentation Application                         ​   
                                                                                
                                                                                
 Identification features​                                                        
 Identify application by.​  1             ​ 1=By Key, 2=By Interface, 3=By Both​   
                                                                                
 Key  . . . . . . . . . .​                                                       
 Note that the only time the key is exposed is when you enter it.            ​   
 This key must be included in the client part of the application.             ​  
 Interface type*. . . . .​                                                       
           name*. . . . .​                                                       
           version* . . .​                                                       
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
  ​ F3= Exit​                                ​ F12=Cancel​                          
                                                                             ​  ​ 

To identify the application by a key, enter the key in the Key field and set the Identify application by field to 1.

To identify the application by its interface, enter the interface information in the Interface type, name, and version fields and set the Identify application by field to 2.

To identify the application by both a key and interface, enter information into the fields for both and set the Identify application by field to 3.

After entering this information, press Enter. A fourth Add Client-Application Security screen appears:

                       ​ Add Client-Application Security​                         
                                                                                
 Type information, press Enter.​                                                 
 Application  . . . . . .​  JZAPP               ​                                 
 Text . . . . . . . . . .​  Documentation Application                         ​   
 Active . . . . . . . . .​  N​              ​ Y=Yes, N=No, A=Administrators only ​  
                                                                                
 User​      ​ A​      ​                                                             
 Grp.Prf. ​  d​   ​  -Limit to-​                                                    
 %group​    ​ m​   ​ N​ Time-Group​                                                   
                ​                                                                
                ​                                                                
                ​                                                                
                ​                                                                
                ​                                                                
                ​                                                                
                ​                                                                
                ​                                                                
                                                                  ​      More...​ 
 Identify administrators by setting Adm=Y.​                                      
 An N preceding a Time-Group means​ "not within".​                                
                                                                                
 F3=Exit​  ​ F4=Prompt​                   ​ F12=Cancel​                              
                                                                             ​  ​ 

To specify the users or groups who can use the application and when they can use it, enter information into the following fields:

User Grp. Prf. %group

A single or generic* user or group name. To select from a list, press the F4 key.

Adm

To make the user or group administrators for the application, set this field to Y.

-Limit to-

N

To restrict these users to times excluded from the Time Group in the next field, set this field to N.

Time-Group

Restrict users to the times specified for a named Time Group (as shown in Defining Time Groups). If the N field is set to N, restrict them to times excluded from the Time Group.

After entering this information, press Enter. The first Add Client-Application Security screen reappears.
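
The Active, Adm and Time-Group settings described above combine into one decision per request. The following Python model is an added example, not code from the product. The Entry class, the OFFICE time group, first-match lookup and the refusal of users with no matching entry are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Constructed sample Time Group: weekday (0=Monday) -> (start, end).
OFFICE = {d: (time(8, 0), time(18, 0)) for d in range(5)}

@dataclass
class Entry:                          # hypothetical model of one row on the fourth screen
    user: str                         # single or generic* name
    adm: bool = False                 # Adm=Y
    negate: bool = False              # N before the Time-Group: "not within"
    time_group: Optional[dict] = None

def name_matches(pattern, user):
    # A generic* name matches every name that starts with the part before the asterisk.
    if pattern.endswith("*"):
        return user.startswith(pattern[:-1])
    return user == pattern

def in_time_group(group, when):
    window = group.get(when.weekday())
    return window is not None and window[0] <= when.time() < window[1]

def may_run(active, entries, user, when):
    """Return (allowed, reason) for one request against one application."""
    if active == "N":
        return False, "application inactive"
    # Assumptions: the first matching entry decides; no matching entry means refusal.
    entry = next((e for e in entries if name_matches(e.user, user)), None)
    if entry is None:
        return False, "user not listed"
    if active == "A" and not entry.adm:
        return False, "administrators only"
    if entry.time_group is not None:
        inside = in_time_group(entry.time_group, when)
        if inside == entry.negate:    # inside but negated, or outside and not negated
            return False, "outside permitted time"
    return True, "allowed"

# Constructed entries and timestamps for the demonstration.
ENTRIES = [Entry("SECADM", adm=True),
           Entry("ACC*", time_group=OFFICE),
           Entry("BATCH*", negate=True, time_group=OFFICE)]
MON_10 = datetime(2024, 1, 8, 10, 0)   # Monday, inside OFFICE
MON_22 = datetime(2024, 1, 8, 22, 0)   # Monday, outside OFFICE

if __name__ == "__main__":
    for who in ("SECADM", "ACCJANE", "BATCH01", "GUEST"):
        for when in (MON_10, MON_22):
            print(who, when.strftime("%a %H:%M"), may_run("Y", ENTRIES, who, when))
```

Running the same users with Active set to A shows which entries still pass while the application is limited to administrators.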

Other Operations from the First Screen

To modify Firewall settings for an application, enter 1 in the Opt field for the application. The Modify Client-Application Security screens appear, following the same sequence as shown for adding an application above.

To copy Firewall settings from an existing application to a new one, enter 3 in the Opt field for the application.

To delete an application from the list, enter 4 in the Opt field for the application. The Delete Client-Application Security screen appears, confirming that you want to delete the Firewall settings for the application.