Warning: Network Security 7.15 and later includes a new feature for monitoring Socket exit points. Misuse of Socket Rules can render your system unreachable via TCP. You will see the option to activate exit programs on these socket exit points in the Work with Activation screen. We strongly recommend you do not activate them until careful consideration has been completed in advance. Consider that if you render your system unreachable via TCP, you will need to access the system via the console in order to fix the rules (or to deactivate the Socket Rule servers). To ensure your system does not become unreachable, do not activate socket exit programs unless the system console is available.
Note: For information on installation and setup in an HA environment, submit a case to Technical Support.
This product by its nature is intrusive. We highly discourage updating on a production environment during the course of a normal work day. Choose a time when the fewest number of users are on the system as possible.
System Administrators or users cannot be in any of the Powertech product libraries during this update. Object locks on shared objects may cause the update to fail. Make sure no users are in the following products.
Network Security requires that you enter a valid license key in order to protect your servers. Contact firstname.lastname@example.org if you need to request a new license key.
It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the Network Security installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.
To install Powertech Network Security on your system, the following system values that control object restores must be configured as shown.
If you are installing or updating Network Security on a new system that does not yet include IBM's QAUDJRN audit journal, run the command CHGSECAUD to create one automatically. This is the default journal used to record Network Security’s transaction auditing data.
Network Security requires the following:
If you are using the Showcase product, then in order for Network Security to control access to Showcase, version 18.104.22.168 of Showcase is required.
Download the installation files:
Download the Network Security installer from the Network Security download page. (The "Trial" download is the full product, which can be unlocked with a valid License Key.) Download the Powertech Network Security installer (setupNetworkSecurity7.exe) to your PC.
Insite Users: If you intend to use the HelpSystems Insite Web UI along with Network Security, go to the HelpSystems Insite download page and follow the accompanying Insite installation instructions.
On the Choose Components panel, select which components you want to install. You can choose to install the Manuals and the Software for IBM i. Click Next.
If you’re only installing the Manuals, the process completes and the installer closes. The Manuals have been installed. You can skip the rest of these steps.
Note: The manuals are installed to the following location:
If you’re loading the Software for IBM i, continue to step 4.
C:\Program Files\PowerTech\Network Security\manuals
On the Choose a Destination IBM i panel:
Select or enter the IBM i where you want to load Network Security.
Enter a user profile and password that’s a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *SPLCTL, *SERVICE, *AUDIT, *SAVSYS, and *IOSYSCFG. The user profile should have Limit capabilities set to *NO. This profile will be used to restore and copy objects, and for product maintenance on the IBM i.
(Optional) In the Advanced Settings section:
Enter a port number or use the arrows if you want to change the FTP port number to something other than the default of 21.
Select Secure File Transfer if you want to use FTPS (FTP over SSL) during the file transfer. The default FTPS secure port is 990, but it can be changed to the required secure port for your environment.
In the Timeout (seconds) field, enter the number of seconds the session should be kept active during an FTP transfer. You can choose anywhere between 25 and 1800 seconds (30 minutes).
Note: If the transfer takes longer than the amount of time specified, the session will expire.
You have two options on the Product Load Options panel:
Click Immediate Load if you’d like to load the product on the IBM i now.
Note: If you're doing an update, this ends Network Security until the product load completes. After you are done, we’ll restart the product.
Click Staged Load if you’d like to transfer the objects now and load them on the IBM i at a later time.
Note: See "Loading Staged Objects on the IBM i" (below) for instructions on how to load the staged objects on your selected IBM i system.
The Product Load Progress panel for Network Security launches. When the processing is complete, you have two choices:
Note: If the Product Load Progress panel ends with an overall Failed message, the product upload could not complete properly. To find the reason the upload failed, click View Logs and review your logs. You can also use Download at the top of the logs to save the information for future review.
If this is the only installation or update of Network Security that you're doing, click Finish.
If you have installs or updates to do on other IBM i systems, click Restart. Then, return to step 4.
Use the WRKSPLF command to display the job log for complete information on the Network Security install. (The job log file name is JLOGn, where "n" equals a six digit number, e.g. JLOG144620).
To verify that Network Security installed successfully, enter the following command to display the Powertech Network Security window, which shows the release and modification level of the product:
Network Security installs the following product libraries, profiles, authorization lists, commands,objects, and exit points on your system.
|Installed on System||Description|
(All these profiles are set to Password = *NONE so that they can’t be used to sign on to the system.)
Note: The Network Security installation program places these commands in the PTNSLIB/PTNSLIB07 library. They are copied to QGPL when you activate Network Security.
If you chose to stage your objects during step 5b of the installation or update process, do the following to manually load them on the IBM i you identified above.
On the IBM i, execute the following command to display the Work with Loads panel:
Enter option 1, Load, next to the Load Name for Network Security and press Enter.
The installation program installs Network Security, the PTNSLIB07 library (as needed), and three user profiles (PTUSER, PTADMIN, and PTWRKMGTOW). It adds PTNSLIB07 to the system portion of your library list, if required.
Review the information on the Install Network Security Host panel and make any necessary changes and additions. Select *NEW for the installation, then press Enter.
The Network Security 7 web server has been discontinued in favor of the HelpSystems Insite web server and browser interface, which offers simultaneous viewing of rules across all systems on your network and support for other HelpSystems products including Robot Schedule and Robot Network. Insite is not installed during Network Security's installation procedure. To download HelpSystem's Insite, visit the HelpSystems Insite download page.
The following commands have been removed from Network Security in favor of the HelpSystem's Insite Web UI:
Also, the profile PTWEB, used for the old web server, is no longer installed.
The HelpSystem's Insite Web Browser Interface allows security administrators to work with rules and most other Network Security features directly from a browser. The following browser versions (or later) are required to use Network Security's WUI:
|Hardware Type||Minimum Browser and/or OS Requirements|
Firefox 11 or higher
Chrome 21 or higher
Internet Explorer 11
Safari 6.1 or higher
iOS: Browsers on iOS 8 or higher
Android: OS4.4 or higher using Chrome
Windows: OS 10 using Edge
V7R1 or higher operating system
A feature of HelpSystem's Insite for Network Security is the Dashboard.
The Dashboard displays a count of all transactions monitored or controlled by Network Security. The Dashboard displays the totals for the servers based upon the criteria selected by the user (today's totals, yesterday's totals, last 7 days or last 30 days). You can also select to see the individual server's counts for the past 24 hours. To activate this feature, start the Dashboard Data Summarization job.
To start/end the Dashboard Data Summarization job, use the following commands:
Start - PNSSTRDASH
End - PNSENDDASH
Execution of the Dashboard Data Summarization job can be controlled with the following commands:
PNSHLDDASH - Use this command, Hold Dashboard Collection, to set the system in a state such that data collection to support the web interface Dashboard will not run.
PNSRLSDASH - Use this command, Release Dashboard Collection, to release the Hold Dashboard Collection command, allowing data collection to occur.
After you install, see "Activating Powertech Network Security" in the Network Security Administrator's Guide for instructions on how to activate Network Security. The Network Security Administrator's Guide can be found at Powertech Product Manuals.
The Network Security Administrator's Guide is also installed as part of the product installation in the following directory: C:\Program Files\Powertech\Network Security
Still have questions? We can help. Submit a case to Technical Support.