You are here:

New/Edit Socket Rule screen

The New Socket Rule screen is used to add new Socket Rules. The Edit Socket Rule screen is used to edit Socket Rules.

How to get there

On the Navigation Pane, choose Socket Rules.
Click Add. Or, to edit an existing Socket Rule, click the icon adjacent to the Socket Rule you would like to change and choose Edit.

Options

Name

The name of the Socket Rule.

Server > Function; Select

Choose Select for a new rule to open the Servers selection window where you can choose from the socket Accept (QSOACCEPT), Connect (QSOCONNECT), and Listen (QSOLISTEN) servers. For a description of servers and functions, see Appendix B: Servers and Functions.

Authority; Select

Y Network Security will allow requests when this rule is enforced.

N Network Security will reject requests when this rule is enforced.

Audit

The audit property controls the type of requests Network Security will log.

Possible values are:

Yes Log all requests by the location/server/function.

No Only log authority failures for the location/server/function.

Inherit Inherit the value.

Message

The message property entry will determine if Network Security sends a message to the Network Security message queue.

Possible values are:

Yes A message is sent to the Network Security message queue.

No No message is sent.

Inherit Inherit the value.

Capture

Capture transactions for Memorized Transaction Request.

Possible values are:

Yes Capture transactions.

No Do not capture transactions.

Inherit Inherit the value.

Active

The Socket Rule Active flag determines whether the rule will be evaluated by the exit point program.

It can be useful to initially set a Socket Rule as not active in order to test it without enforcing it.

The valid values are:

Yes Network Security will evaluate the rule.

No Network Security will not evaluate the rule.

The value N is not allowed for the default Socket Rule (sequence number 99999).

Test

The Socket Rule Test flag determines whether the rule will be evaluated by the Socket Rule test facility.

It can be useful to flag a rule to not be tested in order to verify the effects of removing that rule.

The value N is not allowed for the default Socket Rule (sequence number 99999).

The valid values are:

Yes The Socket Rule test facility will evaluate the rule.

No The Socket Rule test facility will not evaluate the rule.

Sequence

Set First • Set Last • Go To Current

This list shows the sequence used to determine the order in which this Socket Rule will be evaluated.

For example, if there are three Socket Rules for a specific Server/Function (e.g. QSOACCEPT), then the Socket Rule at the top of this list will be used.

Click Set First to move the current Socket Rule to the top of the list.

Click Set Last to move the current Socket Rule to the bottom of the list.

Click Go To Current to automatically scroll the list so that the currently selected Socket Rule is visible.

Conditions

Use this section to view or change Socket Rule conditions.

[Conditions list]

The sequence number of a Socket Condition determines the order in which it is combined with other Socket Conditions for a Socket Rule.

Connector

The connector determines how a Socket Condition relates to other Socket Conditions for a Socket Rule.

Socket Conditions with a higher order of precedence are evaluated before ones with a lower order of precedence.

The connector for the Socket Condition with the lowest sequence number is ignored.

The valid values are:

OR This Socket Condition is OR'ed with others. An OR has the lowest order of precedence (evaluated last).

AND This Socket Condition is AND'ed with others. An AND has a higher order of precedence than an OR, but lower than an ORAND.

ORAND This Socket Condition is OR'ed with others. An ORAND has the highest order of precedence (evaluated first).

[Field]

This is the name of the field to be evaluated at run time.

The valid values are dependent on the Socket Rule.

Valid values for the QSOLISTEN server are:

LCL_PORT The local port number; an integer between 1 and 65535.

LCL_USR The user profile associated with the job issuing the listen.

LCL_USR_GRP A User Group containing the user profile associated with the job issuing the listen.

Valid values for the QSOCONNECT server are:

LCL_PORT The local port number; an integer between 1 and 65535.

RMT_PORT The remote port number; an integer between 1 and 65535.

RMT_ADDR The remote address. Valid formats are IPv4, IPv6, and Powertech Network Security IP address groups.

LCL_USR The user profile associated with the job issuing the connect.

LCL_USR_GRP A User Group containing the user profile associated with the job issuing the connect.

Valid values for the QSOACCEPT server are:

LCL_IN_PORT The local incoming port number; an integer between 1 and 65535.

LCL_BND_PORT The local bound port number; an integer between 1 and 65535.

RMT_PORT The remote port number; an integer between 1 and 65535.

RMT_ADDR The remote address. Valid formats are IPv4, IPv6, and Powertech Network Security IP address groups.

LCL_USR The user profile associated with the job issuing the accept.

LCL_USR_GRP A User Group containing the user profile associated with the job issuing the accept.

[Operator]

The test used for the value of the field and the criteria to evaluate this Socket Condition.

= The value of the field is equal to the criteria, or, if the criteria can be a list, the value of the field is found in that list.

<> The value of the field is not equal to the criteria, or, if the criteria can be a list, the value of the field is not found in that list.

> The value of the field is greater than the criteria.

< The value of the field is less than the criteria.

>= The value of the field is greater than or equal to the criteria.

<= The value of the field is less than or equal to the criteria.

ALWAYS This will cause the condition to always match. It is used on the Socket Condition of the default Socket Rule, and may be used on non-default Socket Rules. If present, it must be the only Socket Condition for a Socket Rule.

[Criteria]

This is the value against which the value of the selected field will be compared at run time.

The valid values are dependent on the selected Field.

Delete • Add •Edit • OK

Select a condition and press Delete to remove the condition.

Select Add to add a new condition.

Select Edit to change a condition.

Select OK to confirm a condition.

Save • Cancel

Click Save to save the Socket Rule to the database. Choose Cancel to dismiss the screen without making changes.

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
7.15 | 201709140431