Mike The regular z/OS Configuration Guide has a 35 page chapter with the title "Security" in Part 1 and a 199 page chapter with the title "IP Security" in Part 2. I was using the z/OS V1R9 manual.
>... is anyone using it? The customer with which I am working at the moment is using it - a lot. > ... how good is it? It works very well. The older folk like the statements but the younger folk like the GUI tool and say it is just like configuring a more traditional firewall with which, because this is the sort of thing to which students of networking are exposed these days, they are familiar. Strangely enough, because of a revision of the structure of the "network" in the vicinity of the "mainframes", this customer is using "IP Security" to replace a real, traditional, old-fashioned firewall. A tip: you should use the OSA NONROUTER function also as part of your "firewall" armoury but try to remember you used it when someone comes along and says "Oh, I forgot to tell you about that particular application that lives here - pointing to a diagram - and so needs a bit of routing from this LPAR ...". Just fixing the "IP Security" statements didn't work! Some bruises can last a long time! Chris Mason On Thu, 31 Jul 2008 14:58:57 +0000, Jan Vanbrabant <[EMAIL PROTECTED]> wrote: >Hi Mike, >>Hello all, out of curiosity. I heard that there is a built in firewall >>with z/os. Is this true? And if it is, is anyone using it? And how good >>is it? >Starting in z/OS V1R8, Firewall Technologies is no longer available >(announced Feb 15th, 2005) > >Cut-and-paste from this IBM presentation: >http://publib.boulder.ibm.com/infocenter/ieduasst/stgv1r0/topic/com.ibm.iea. commserv_v1/commserv/1.8z/overview/whatsnewSecurity.pdf > >z/OS V1.7 is the last z/OS release to include the Firewall Technologies component of the Integrated Security Services element. > >Many Firewall Technologies functions have been stabilized for some time and can be >replaced using comparable or better functions provided by or planned for Communications Server, notably, >- IPSec >- IP packet filtering >- In addition, a functionally rich downloadable tool is planned to replace the IPSecurity and IP Filtering configuration GUI support. > >The following functions were removed without replacement: >- FTP Proxy services >- Socks V4 services >- Network Address Translation (NAT) >- RealAudio support > >jan ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html