
CA TCPaccess FTP Server for z/OS Policy Rule Sets

CA TCPaccess FTP Server for z/OS policy rule sets, together with your security package, let you control the transfer of files using FTP. A rule set is a grouping of rules.

An FTP policy rule set contains the following criteria to match the rule to FTP file transfer requests:

You can define a rule set containing FTP policy rules on your CA NetMaster FTM region and load it. You can define many rule sets of policy rules on your CA NetMaster FTM region; however, only one of the rule sets can be loaded at any one time.

The FTP policy rule sets are stored in the CA NetMaster FTM knowledge base and you can maintain them in this region. Rule set maintenance does not affect the loaded policy rule set; to change the loaded rule set, you need to reload it.

To activate a policy rule set, you must load a copy of the rule set.

The loaded policy rule set is enforced if an active SOLVE SSI has set PKTANALYZER=YES and the policy mode is ON. It does not depend on the CA NetMaster FTM region once it is loaded.

The loaded policy rule set is used by CA TCPaccess FTP Server for z/OS.

Define a Policy Rule Set

To define a policy rule set

  1. Enter /FTADMIN.P.M at the command prompt.

    The FTP Policy Ruleset List panel appears.

  2. Press F4 (Add).

    The FTP Policy Ruleset panel appears.

  3. Complete the following fields:
    Name

    Specifies the name of the rule set.

    Description

    Briefly describes the rule set.

  4. Press F3 (File).

    The definition is saved in the knowledge base.

Add Policy Rules to a Rule Set

During operation, only one rule set can be loaded; therefore, you should combine all the CA TCPaccess FTP Server for z/OS policy rules that are to be used together into the same rule set. You can create different rule sets to do the following:

To add a policy rule to a rule set

  1. Enter /FTADMIN.P.M at the command prompt.

    The File Transfer Ruleset List appears.

  2. Enter R beside the rule set to which you want to add rules.

    The FTP Policy Rule List appears.

    Note: Policy rules are evaluated in the order that they appear in the list, until a match is made.

  3. Press F4 (Add).

    The FTP Policy Rule panel appears.

  4. Complete the following fields:
    Description

    Briefly describes the rule.

    Status

    Specifies whether the rule is used when it is loaded.

    Allow Request?

    Specifies whether the rule allows matched FTP requests.

    Log

    Specifies whether messages are logged for matched FTP requests in CA TCPaccess FTP Server for z/OS:

    • FAIL logs messages for requests disallowed by SAF security when the Allow Request? field is YES and a SAF qualifier is specified.
    • NO logs no messages, except when the policy mode is WARN.
    • YES logs messages for all matched requests.
    SAF Qualifier

    Used to support SAF security. If Allow Request? is YES, you can use this value to perform further checking of a matched FTP request.

    The resource that can be checked is as follows: FTP.saf-qualifier.remote-ip-address.filename.

    The default SAF class is $FTP. However, you can change the class through the FTPCNTL parameter group.

    File Name

    Specifies the names of files to match. You can use a mask to allow matching of more than one file. The specified value is not case sensitive.

    The wildcard characters are %, representing zero or more characters, and _, representing a single character.

    User List

    Specifies the user IDs to match. You can specify a list of IDs separated by comma (,). You can use masks. The specified value is not case sensitive.

    The wildcard characters are %, representing zero or more characters, and _, representing a single character.

    Transfer Direction

    Specifies whether the rule matches inbound or outbound file transfers.

    Local Server IP Address

    Specifies the IP address of the CA TCPaccess FTP Server for z/OS on the local system to match.

    Local Server Port

    Specifies the port of the CA TCPaccess FTP Server for z/OS on the local system to match.

    Remote IP Address

    Specifies the range of remote IP addresses to match. To match a single address, leave the High field blank.

    Time of Day

    Specifies the period to match. If the first time is later than the second time, then the period spans midnight.

    Day of Week

    Specifies the days of the week to match.

  5. Press F3 (File).

    The rules are saved in the knowledge base.

More information:

FTP SAF Rule Considerations

How to Set Up a SAF Qualifier Under CA ACF2 for z/OS

How to Set Up a SAF Qualifier Under CA Top Secret for z/OS

How to Set Up a SAF Qualifier Under RACF

Load a Policy Rule Set

When a rule set is complete, you can activate it by loading it.

Note: Only one rule set can be active at any time.

To load a policy rule set

  1. Enter /FTADMIN.P.M at the command prompt.

    The FTP Policy Ruleset List appears.

  2. Type L beside the name of the rule set definition to load.

    The FTP Policy Ruleset panel appears, showing the name of the rule set definition to be loaded.

  3. Complete the following field:
    Policy Mode

    Specifies the policy mode to use:

    • ON permits access according to rules.
    • OFF disables rules and always permits access.
    • WARN permits access and logs matches according to rules.

  4. Press F6 (Confirm).

    The FTP policy rule set is loaded.

Note: After you have loaded a policy rule set, it is highlighted in white in the rule set list. If you have made any changes to the rule set since it was loaded, then ** MODIFIED ** appears to the right of its name. If you make changes to the loaded rule set, they do not take effect until you reload the rule set.

Set Policy Mode for an Active Policy Rule Set

To set the policy mode for an active policy rule set

  1. Enter /FTADMIN.P.S at the command prompt.

    The FTP Policy Ruleset panel appears.

  2. Complete the following field:
    Policy Mode

    Specifies the policy mode to use:

    • ON permits access according to rules.
    • OFF disables rules and always permits access.
    • WARN permits access and logs matches according to rules.

  3. Press F6 (Confirm).

    The policy mode is saved.