start FIREWALL from the command line using command STRFW
choose option 1: work with Servers
use F22 function key
type *YES in Exit point group
type *NO in Secure
type *YES in Skip "Other" exit points
confirm your choice and hit ENTER (twice)
2. Remove the libraries SMZ8 and SMZDTA from the library list, if these libraries are in the system library list IPL is required after removal
3. Make sure you are using a user profile QSECOFR or a user profile that has the same authorities as QSECOFR but not less
Answer:
DFU uses an exit program and works from the green-screen so Firewall doesn't protect it (there's no need to as DFU is under the system's object security).
By using system object security, you can restrict users from accessing DFU objects in QSYS .
iSecurity's second layer of security, the Real-Time Auditing , can help you define Real-Time Auditing rules, with proactive responses.
Answer:
A user without a password will be checked by the creation date of the User profile.
If the number of days will match the number of days to disable the user will be disable unless placed in the exception list.
Answer:
The rules of the Firewall are independent from the OS/400 security.
This security rules will be activated before even entering the AS400 and before checking the native security.
No changes are done on the OS/400 security.
Answer:
It is not a debug mode, this is the Debug perspective (we deliver iSecurity also as an Eclipse perspective). To close it, right-click on the perspective "Debug" image and select "Close".
Answer:
The RUNAUQRY command is submitted to a batch job and processed similarly to RUNAUQRY submitted from the green screen.
The output location of CSV, PDF or HTML is the IFS at /iSecurity/report output/*DATE where *DATE is a library in the form of dd-mm-yy.
When you issue RUNAUQRY, this library is created for the current day, if it doesn't already exist.
The library can be set to any other location on the IFS in the RUNAUQRY command.
Answer:
iSecurity Firewall is an application layer firewall that handle applications trying to connect to System i. It doesn't handle TCP/IP packets or segments.
Answer:
Firewall is implementing exit programs to work with the OS400. Deleting some libraries before removing the exit programs may result in unpredictable results.
The following describes how to remove the exit programs.
Option 1
Install again the product. Use STRFW, 1 and select Suspend. Continue with Uninstall.
Option 2
Follow the instructions:
WRKREGINF and enter 8=Work with exit programs for all entries.
Press Enter to check all entries. Use 4=Remove next to each exit program that is in library SMZ8SYS.
DSPNETA and check DDM request access
If it refers to a program in SMZ8SYS, enter CHGNETA DDMACC(*OBJAUT)
DSPSYSVAL QRMTSIGN
If it refers to a program in SMZ8SYS, enter CHGSYSVAL QRMTSIGN *FRCSIGNON
WRKJOBSCDE GR#*
These scheduled entries might be of Firewall and needs to be deleted.
WRKJOBSCDE GS*
These scheduled entries might be of Firewall and needs to be deleted.
Once this is done:
If you are not a user of Screen or Password, after an IPL you may delete libraries SMZ8 and SMZ8SYS.
If you are not a user of Screen or Password or Capture or WideScope you may delete libraries SMZTMPA and SMZTMPB
If you are not a user of any iSecurity module, you may delete library SMZTMPC
