Port Of Entry (POE) checking

z/OS® Explorer supports Port Of Entry (POE) checking, which allows host access only to trusted TCP/IP addresses. This feature is disabled by default and requires the definition of the BPX.POE security profile, as shown in the following sample RACF® commands:

RDEFINE FACILITY BPX.POE UACC(NONE)
PERMIT BPX.POE CLASS(FACILITY) ACCESS(READ) ID(STCRSE)
SETROPTS RACLIST(FACILITY) REFRESH

Note:

RSE must be configured to use POE by uncommenting the “enable.port.of.entry=true” option in rse.env, as documented in "Defining extra Java™ startup parameters with _RSE_JAVAOPTS" in the Host Configuration Guide (SC27-8437).
Defining BPX.POE will impact other TC/PIP applications that support POE checking, such as INETD.
Security zones (EZB.NETACCESS.** profiles, which are IP address ranges) should be set up in the SERVAUTH class to use the full strength of POE checking.

Refer to Communications Server IP Configuration Guide (SC31-8775) for more information on network access control using POE checking.