Port Of Entry (POE) checking
z/OS® Explorer supports Port Of Entry (POE) checking, which allows host access only to trusted TCP/IP addresses. This feature is disabled by default and requires the definition of the
BPX.POEsecurity profile, as shown in the following sample RACF® commands:
RDEFINE FACILITY BPX.POE UACC(NONE)
PERMIT BPX.POE CLASS(FACILITY) ACCESS(READ) ID(STCRSE)
SETROPTS RACLIST(FACILITY) REFRESH
- RSE must be configured to use POE by uncommenting the “
enable.port.of.entry=true” option in
rse.env, as documented in "Defining extra Java™ startup parameters with _RSE_JAVAOPTS" in the Host Configuration Guide (SC27-8437).
BPX.POEwill impact other TC/PIP applications that support POE checking, such as INETD.
- Security zones (
EZB.NETACCESS.**profiles, which are IP address ranges) should be set up in the
SERVAUTHclass to use the full strength of POE checking.
Refer to Communications Server IP Configuration Guide (SC31-8775) for more information on network access control using POE checking.