Enforcive Firewall Manager

 

Monitor and Secure Any Inbound and Outbound TCP/IP Connection to Your IBM i

The Enforcive Firewall Manager add-on brings a powerful extra layer of protection to your IBM i environments. This dedicated software-based IBM i firewall secures your systems in ways your hardware (router/firewall) and application access-control layers do not.

 

How Firewall Manager Works

By monitoring and securing all inbound and outbound TCP/IP connections to your IBM i environments, Firewall Manager lets you fully audit all ports and then lock down selected ports as needed. You define access by source, destination port, IP address, and user (user-based policies are limited to outbound communications). And Firewall Manager comes with a user-friendly GUI front end that simplifies the implementation of your port-based access policies.

Worried how this could impact performance? Don’t be. As the result of several new features included with version V7R1 of IBM i/OS, the performance impact of Firewall Manager is minimal.

 

Benefits

  • Expands current hardware firewall functions
  • Controls incoming and outgoing network traffic
  • Enhances user-profile-based policies
  • Blocks network traffic that would otherwise avoid exit points, including Secure Shell (SSH), Secure FTP (SFTP), SMTP, and more
  • Provides all needed function/command information
 

Features

  • Allows easy setup and maintenance
  • Seamlessly integrates with Enforcive Enterprise Security Suite, including Central Audit for inquiries (with full filtering), Report Generator for reporting, and Alert Center for real-time alerts of suspicious activity
  • Controls the ports that are permitted to be in “listening” mode
  • Includes audit logging of connection attempts
  • Defines rules at both user and group levels
  • Shows all currently open ports
 

Examples of Definitions Created by Firewall Manager

“Port 21 can be initiated only by users JOHNSMITH and DANNYKEMP and no others”

“Ports 3054 thru 3056 can receive requests only from IP address 56.201.108.23 or IP addresses in the range of 206.31.201.79 - 206.31.201.81”

“Port 21 (FTP) can be used to send files only to the 15-member group of users called ‘Admins’”