Getting Started on the IBM Firewall

The task of the IBM Firewall is network security. It serves as a blockade between a secure, internal private network and another (nonsecure) network or the Internet. The purpose of a Firewall is to prevent unwanted or unauthorized communication into or out of the secure network. The Firewall has two jobs:

The IBM Firewall is like a tool box you use to implement the functions of different firewall architectures. Once you choose your architecture and your security strategy, you select the necessary IBM Firewall tools. The IBM Firewall Configuration Client is the means by which you can configure these tools.

Basic Configuration Steps

This section describes the general sequence of configuration steps that would be taken for a basic IBM Firewall setup.
  1. Plan for your IBM Firewall setup. Decide in advance, as far as you can, which functions of the Firewall you want to use and how you want to use them. The following sections in the User's Guide are particularly helpful for this:
    Introducing the IBM Firewall
    Migration and Planning
    Planning Considerations (in "Examples of Services" Chapter)
  2. Tell the Firewall which of its interfaces are connected to secure networks. You must have a secure interface and a non-secure interface in order to have your Firewall work properly. From the navigation tree, open the System Administration folder and click on "Interfaces". You should see a listing of the network interfaces on your Firewall. To change the security status of an interface, select an interface and click "Change". For further information on Firewall interfaces, see:
    Designating Your Network Interface
  3. Set up your general security policy. An easy way to do this is to access the Security Policy dialog, available inside of the System Administration folder. For typical Firewall configurations, it is recommended (at a minimum) that you enable the following policies:
    • Permit DNS queries
    • Deny broadcast message to non-secure interface
    • Deny Socks to non-secure adapters
    See the following section for more information on the Security Policy function:
    Using the Configuration Client to Define a Security Policy
  4. Set up your domain name service and mail service. These functions can be accessed from inside the System Administration folder in the navigation tree. Before doing this, however, it would be a good idea to read over the following section in the User's Guide:
    Handling Domain Name and Mail Services
  5. Define key elements of your network(s) to the Firewall. This is accomplished via the Network Objects function in the navigation tree. Network objects are especially important for controlling traffic through the Firewall. Key elements that should be defined as network objects include: For further information on network objects, see:
    Network Objects
  6. Enable services on the Firewall. These are the methods by which users in the secure network can access the non-secure network (such as socks or proxy). Which services get implemented will depend on decisions you made at the planning stage. An important thing to remember is that implementing a service often requires setting up some connection configurations to allow certain types of traffic. For example, if you want to allow your secure users to surf the web on the Internet via HTTP Proxy, not only do you need to configure the HTTP Proxy daemon on the Firewall, but you also need to set up connections to allow HTTP traffic. A good discussion of how to set up connections that support certain services can be found in the following chapter:
    Examples of Services
  7. Set up Firewall users. If you are going to allow users to use Services such as Proxy Telnet or Proxy FTP, you need to define these users to the Firewall. See the following chapter for more information:
    Administering Users at the Firewall

Following these steps should help you get a basic Firewall configuration up and running. The IBM Firewall provides other functions, such as system logs, to help you ensure the security of your network. See the User's Guide for more information.


Firewall Name

This field displays which firewall you are logged into and which administrator id is being used.

Logon-Logoff

The Logoff/LogOn button is a reconnect button. When you click it, you are logged off from your current session and the Logon panel is redisplayed. At this point, you can restart the logon sequence to connect to a different Firewall or to log on as a different administrator.

Navigation Tree

The Navigation Tree, along the left side, provides a means of accessing any of the configuration panels associated with different Firewall functions. Different groups of functions have been organized into collapsible folders. Double-clicking on the folder icons acts to open or close them. Double-clicking on a page icon brings up the configuration panel for that function.

Alerts Display

This area displays the contents of the Local1 log file. The Local1 log file collects all Log Monitor threshold violation warnings. You can configure these thresholds by navigating to "Log Monitor Thresholds" via the following path in the Navigation Tree:
-->System Administration
     -->System Logs
          -->Log Monitor Thresholds
You can define the Local1 log file by navigating to "Log Facilities" via the following path in the Navigation Tree:
-->System Administration
     -->System Logs
          -->Log Facilities

Note that this display does not refresh automatically. You must press the "Latest" button to see the most recent alerts.

Icon Key

Occurrences of specific ICA messages exceeded
Authorization failures for specific host exceeded
Total authorization failures exceeded
Authorization failure for specific user
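
The four alert classes in the Icon Key can be read as counting rules applied to log records. The sketch below is an added example, not IBM Firewall code: the record layout, the message IDs, the threshold values and the names THRESHOLDS, SAMPLE and evaluate are all assumptions made for illustration. It raises each alert once, at the point where its threshold is first exceeded.

```python
from collections import Counter

# Hypothetical threshold values; on the Firewall they are set in Log Monitor Thresholds.
THRESHOLDS = {
    "message": {"ICA-EXAMPLE-1": 2},   # occurrences of a specific message
    "host_auth_failures": 2,           # authorization failures from one host
    "total_auth_failures": 4,          # authorization failures overall
    "watched_users": {"root"},         # any failure for these users raises an alert
}

# Constructed records: (message_id, is_auth_failure, host, user).
# This layout is illustrative only; it is not the IBM Firewall log format.
SAMPLE = [
    ("ICA-EXAMPLE-1", False, "192.0.2.10", "alice"),
    ("ICA-EXAMPLE-2", True, "192.0.2.10", "alice"),
    ("ICA-EXAMPLE-2", True, "192.0.2.10", "bob"),
    ("ICA-EXAMPLE-2", True, "192.0.2.10", "bob"),
    ("ICA-EXAMPLE-2", True, "198.51.100.7", "root"),
    ("ICA-EXAMPLE-2", True, "198.51.100.7", "carol"),
    ("ICA-EXAMPLE-1", False, "192.0.2.10", "alice"),
    ("ICA-EXAMPLE-1", False, "192.0.2.10", "alice"),
]

def evaluate(records, t=THRESHOLDS):
    """Return (alert_kind, subject) pairs in the order thresholds are first exceeded."""
    alerts, seen = [], set()
    msgs, hosts, total = Counter(), Counter(), 0

    def fire(kind, subject):
        if (kind, subject) not in seen:      # report each violation once
            seen.add((kind, subject))
            alerts.append((kind, subject))

    for msg_id, auth_fail, host, user in records:
        msgs[msg_id] += 1
        limit = t["message"].get(msg_id)
        if limit is not None and msgs[msg_id] > limit:
            fire("message_count", msg_id)
        if not auth_fail:
            continue
        total += 1
        hosts[host] += 1
        if hosts[host] > t["host_auth_failures"]:
            fire("host_auth_failures", host)
        if total > t["total_auth_failures"]:
            fire("total_auth_failures", None)
        if user in t["watched_users"]:
            fire("user_auth_failure", user)
    return alerts
```
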

Latest

Click "Latest" to see the most recent alerts.

Previous

Click "Previous" to page up in the alerts file.

Log Viewer

Click on this button to bring up a tool that allows you to browse through your Firewall log files.