June 20, 2000
SecureWay Firewall V4.2 for Windows NT and AIX Offers More Secure, Cost-Effective Connectivity
At a Glance
Protect your valuable business assets, provide a virtual private network, and offer easy-to-use administration with comprehensive network security! Firewall 4.2 for AIX extends V4.1 with new features:
Firewall 4.2 offers the following new features for AIX and Windows NT:
For ordering, contact:
IBM's SecureWay Firewall products can help protect your network by:
What's New in Firewall V4.2 for both Windows NT and AIX® Platforms
The AIX platform is further enhanced with the addition of:
Windows NT installations require Windows NT Server V4. AIX installations require AIX V4.3.3.
Planned Availability Date
SecureWay Plus Module for Tivoli
Firewall users can now perform remote administration from a Tivoli console using the Plus module. The module lets you perform the following tasks:
For instructions on downloading the Plus module visit:
This module is in the English language only.
Web Traffic Express (WTE) Upgrade
The SecureWay Firewall V4.2 provides a full-featured HTTP proxy implementation based upon a new, upgraded version of the WTE3 product. The HTTP proxy efficiently handles browser requests through the IBM Firewall, eliminating the need for a SOCKS server for Web browsing.
The Connection Wizard is designed to simplify configuration of common Firewall connections. The wizard is a fast mechanism for building connections while reducing human error. It is provided as an option to users who are inexperienced with filter configuration or who are interested in fast set-up of some of the more typical kinds of filter connections. It can be useful for configuring DMZ Firewalls (or any Firewall with more than two adapters).
Lightweight Directory Access Protocol (LDAP) User Authentication
The Firewall accesses SecureWay Directory. LDAP is used to authenticate the following proxy users:
The Tivoli SecureWay Policy Director (5698-PDD or 5698-PDI) is not included with Firewall and must be purchased separately. If you do not use the SecureWay Directory, the Firewall uses the local database to authenticate users. To configure the Firewall for LDAP authentication, use the LDAP wizard, which is accessible from the Help menu in the Firewall configuration client GUI.
Dynamic Filter for File Transfer Protocol PASV Command (FTP PASV)
With PASV FTP data transfers, the client sends a PASV command, and the server performs a passive TCP-open on a random port. The server then informs the client of the port number, and the client does an active-open to establish the connection.
IBM Firewall V4.2 supports PASV FTP transfers by monitoring and identifying PASV FTP control connections. Once a control connection has been identified, a dynamic filter rule is defined. The filter rule is removed once the transfer ends.
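The PASV handling described above, sketched as an added Python example (not IBM's implementation and not part of the announcement): it watches a control connection for a PASV command and its 227 reply, opens one client-to-server rule for the announced port, and removes it when a transfer-ending reply is seen. The class and function names, the addresses and the sample session are constructed, and the sketch assumes no address translation between client and server.

```python
import re
from dataclasses import dataclass, field

# RFC 959 reply format: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_REPLY = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
TRANSFER_OVER = {"226", "425", "426", "451"}  # replies that end a data transfer

def parse_pasv_reply(line):
    """Return (ip, port) announced by a 227 reply, or None if malformed."""
    m = PASV_REPLY.match(line)
    n = [int(x) for x in m.groups()] if m else []
    if not n or max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

@dataclass
class PasvTracker:
    """Dynamic-filter state for one FTP control connection (hypothetical model)."""
    client: str
    server: str
    pasv_sent: bool = False
    rules: set = field(default_factory=set)  # (client_ip, server_ip, server_port)

    def on_client_line(self, line):
        self.pasv_sent = line.strip().upper() == "PASV"

    def on_server_line(self, line):
        code = line[:3]
        if code == "227":
            target = parse_pasv_reply(line) if self.pasv_sent else None
            self.pasv_sent = False
            # Assumption: no NAT, so the data endpoint must be the control-connection
            # server on an unprivileged port; any other reply opens nothing.
            if target and target[0] == self.server and target[1] >= 1024:
                self.rules.add((self.client, self.server, target[1]))
        elif code in TRANSFER_OVER:
            self.rules.clear()  # transfer finished or failed: remove the rule

SESSION = [("C", "PASV"), ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
           ("C", "RETR report.txt"), ("S", "150 Opening data connection"),
           ("S", "226 Transfer complete")]  # constructed sample control traffic

def replay(session, client="10.0.0.5", server="192.0.2.10"):
    """Feed control-connection lines to a tracker; return the rule set after each."""
    t = PasvTracker(client, server)
    history = []
    for side, line in session:
        (t.on_client_line if side == "C" else t.on_server_line)(line)
        history.append(sorted(t.rules))
    return history
```

A 227 reply that names a host other than the control-connection server, or that arrives without a preceding PASV, leaves the rule set empty.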
AIX Internet Key Exchange (IKE) Support
Firewall V4.2 supports IKE tunnels in AIX V4.3.3. IKE is a protocol for automatically and securely exchanging a VPN tunnel's encryption keys. Therefore, it substantially simplifies the configuration and maintenance of VPN tunnels.
IKE VPN Client
IBM will make available the Ashley Laurent corporation's VPN Client (VPCom Client) for your use. This VPN Client can be installed on Windows 95, Windows 98, and Windows NT Workstations. It can be used to establish an IKE tunnel between the Client and another host running an IKE implementation, such as AIX V4.3.3. Firewall V4.2 running on AIX V4.3.3 supports IKE tunnels configured with this VPN Client.
Capabilities No Longer Supported in Firewall V4.2
This product is Year 2000 ready. When used in accordance with its associated documentation, it is capable of correctly processing, providing, and/or receiving date data within and between the twentieth and twenty-first centuries, provided that all products (for example, hardware, software, and firmware) used with the product properly exchange accurate date data with it.
Refer to Software Announcement 299-295, dated September 28, 1999
Product information will be available on day of announcement through Offering Information (OITOOL) at:
No hardcopy publications are shipped with this program.
The following publications can be ordered after availability. To order, contact an IBM/Tivoli® representative.
Title                                                         Order Number

IBM SecureWay(TM) Firewall User's Guide for Windows NT(TM)    GC31-8658
IBM SecureWay Firewall Reference for Windows NT               SC31-8659
IBM SecureWay Firewall User's Guide for AIX(R)                GC31-8419
IBM SecureWay Firewall Reference for AIX                      SC31-8418
In addition, to download, view, and print the Firewall publications in Portable Document Format (PDF), you can use the IBM Internet Firewall Web site at:
For printing PDF files, you will need the Adobe Acrobat Reader, which is available through:
Displayable Softcopy Publications: The following English and translated publications are offered in softcopy form. The displayable manuals are part of the basic machine-readable material at no additional charge. The files are shipped on the same media type as the basic machine-readable material (CD-ROM).
These displayable manuals can be used with the PDF, in conjunction with the ADOBE Acrobat Reader licensed programs, in any of the supported environments to create unmodified printed copies of the manuals. Terms and conditions for use of the machine-readable files are shipped with the files. The following publications are provided, including the translated editions of:
The following publications for AIX Firewall are provided in English only:
The IBM SecureWay Firewall Problem Determination Guide (English only) is available at the following:
A number of additional Redbooks that pertain to the Firewall may be found at the following:
Specified Operating Environment
For Firewall on AIX
Firewall for both Windows NT and AIX requires:
To install and use IBM Firewall Version 4.2 for Windows NT, you must have the following programs installed:
If using Service Pack 3, then the following Microsoft Corrective service hotfixes should be installed:
These fixes should be installed in the listed sequence. The English versions of these hotfixes are currently available from Microsoft, Inc. Some hotfixes may not be available for select language versions of Windows NT V4.0. Availability of hotfixes from Microsoft, Inc. may impact Firewall function and security for national language versions of Windows NT. For additional information on Microsoft hotfixes, refer to:
This program, when downloaded from a Web site, contains the applicable IBM license agreement and License Information (LI), if appropriate, which will be presented for acceptance at the time of installation of the program. The license and LI will be stored in a directory for future reference.
Security, Auditability, and Control
The security and auditability features of the Firewall V4.2 for Windows NT and AIX include the following:
The security and auditability feature unique to Firewall V4.2 for Windows NT and AIX is the configuration file checksum monitor.
The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.
IBM SecureWay Firewall V4.2 for Windows NT and AIX has a Gateway Install CD-ROM and a per User authorization. A User is an IP Address that sends IP packets through the firewall from the secure side of the Firewall.
Customers requiring 500 or more users should order the Unrestricted Users rather than multiple 1 User units.
The Firewall units are also available as upgrades for customers licensed for prior IBM Firewall installations, Internet Connection Secure Network Gateway V2 (ICSNG) installations, or non-IBM Firewall installations.
The Gateway install program packages and upgrade packages contain CD-ROMs authorized for one user and one install. Customers requiring greater capacity must also order the appropriate number of user installs authorization.
Upgrade Entitlements Table from Previous Versions and Non-IBM Firewalls
                     Firewall (FW) V4.2    FW V4.2 for NT       FW V4.2 for NT
                     DES/CDMF for NT or    or AIX, 1 User       or AIX, Unrestricted
Upgrade From:        AIX PP Upgrade        Upgrade              Upgrade

Version 4.1          1                     Number of 4.1 users  --
Version 3
  Entry              1                     and 24 users         --
  Small              1                     and 49 users         --
  Medium             1                     and 249 users        --
  Unrestricted       1                     --                   and 1 Unres
Version 2            1                     --                   and 1 Unres
Non-IBM Firewalls    1                     --                   and 1 Unres

Unres = Unrestricted
Triple DES will be available as a no charge upgrade to the DES/CDMF program packages. Customers wishing to receive Triple DES upgrades can download the upgrades from the IBM Web site at:
Part Number Ordering Information
                                                    Part
Program Name/Description                            Number

Firewall V4.2 DES/CDMF for NT Program Package,      11K7929
  1 Gateway Install and 1 user
Firewall V4.2 for NT, 1 Gateway Install             11K7931
Firewall V4.2 for NT, 1 User                        11K7932
Firewall V4.2 NT Unrestricted Users                 11K7933
  per Gateway Install
Firewall V4.2 DES/CDMF for AIX Program Package,     11K7919
  1 Gateway Install and 1 User
Firewall V4.2 for AIX, 1 Gateway Install            11K7921
Firewall V4.2 for AIX, 1 User                       11K7922
Firewall V4.2 AIX Unrestricted Users                11K7923
  per Gateway Install
Firewall V4.2 DES/CDMF for NT, 1 Gateway Install    11K5782
  and 1 User for Electronic Software (SW)
  Distribution
Firewall V4.2 DES/CDMF for AIX, 1 Gateway Install   11K5780
  and 1 User for Electronic SW Distribution
Firewall V4.2 DES/CDMF for NT Upgrade from V4, V3,  11K5783
  V2, or non-IBM Firewalls, 1 Gateway Install
  and 1 User for Electronic SW Distribution
Firewall V4.2 DES/CDMF for AIX Upgrade from V4,     11K5781
  V3, V2, or non-IBM Firewalls, 1 Gateway Install
  and 1 User for Electronic SW Distribution

Upgrades

Firewall V4.2 DES/CDMF for NT Program Package       11K7930
  Upgrade from V4, V3, V2, or non-IBM Firewalls,
  1 Gateway Install and 1 User
Firewall V4.2 for NT, 1 Gateway Install Upgrade     11K7934
Firewall V4.2, NT User Upgrade                      11K7935
Firewall V4.2 for NT Unrestricted Users             11K7936
  per Gateway Install Upgrade
Firewall V4.2 DES/CDMF for AIX Program Package      11K7920
  Upgrade from V4, V3, V2, or non-IBM Firewalls,
  1 Gateway Install and 1 User
Firewall V4.2 for AIX, 1 Gateway Install Upgrade    11K7924
Firewall V4.2 for AIX, 1 User Upgrade               11K7925
Firewall V4.2 for AIX, Unrestricted Users           11K7926
  per Gateway Install Upgrade

Media Packs                                         Number

Firewall V4.2 Media Pack AIX CD-ROM                 BE6JDML
Firewall V4.2 Media Pack NT CD-ROM                  BE78MML
Program Name: Firewall V4.2 DES/CDMF Gateway for AIX Program Package
Machine Type/Model Ordering Information
Current licensees of SecureWay Firewall V4, V3, V2 for AIX or non-IBM Firewalls may order the upgrade from IBM Software Delivery and Fulfillment by specifying the upgrade one-time charge (OTC) feature number and distribution medium feature number from the upgrade table below.
To order, specify type/model 5697-F48, feature number 9001 for asset registration, and the one-time charge and distribution medium feature numbers from the table below.
                                            Machine      OTC       Medium
Order Type                                  Type/Model   Feature   Feature
Description                                              Number    Number    Medium

Firewall V4.2 DES/CDMF for AIX Program      5697-F48     0001      5829      CD-ROM
  Package, 1 Gateway Install and 1 User
Firewall V4.2 for AIX 1 Gateway Install                  0002
Firewall V4.2 for AIX, 1 User                            0003
Firewall V4.2 for AIX Unrestricted Users                 0004
  Per Gateway Install
Media Withdrawal from Marketing
Effective January 31, 2001, medium feature number 5819 for Firewall V4.1 for AIX will be withdrawn from marketing of 5697-F48.
                                            Machine      OTC       Medium
Order Type                                  Type/Model   Feature   Feature
Description                                              Number    Number    Medium

Firewall V4.2 DES/CDMF for AIX Program      5697-F48     1000      5829      CD-ROM
  Package Upgrade from V4, V3, V2, or
  non-IBM Firewalls, 1 Gateway Install
  and 1 User
Firewall V4.2 for AIX, 1 Gateway Install                 1001
  Upgrade
Firewall V4.2 for AIX, 1 User Upgrade                    1002
Firewall V4.2 for AIX Unrestricted Users                 1003
  per Gateway Install Upgrade
Withdrawal of Previous Passport Advantage Part Number: The following Passport Advantage part number is being replaced or obsoleted by this announcement. The effective withdrawal date is October 7, 2000.
Orders for this part number will not be accepted after the stated effective date of withdrawal, nor will normal marketing activities or educational support be available unless previous agreement exists between the customer and IBM.
                                                    Part
Program Name/Description                            Number

Firewall V4.1 Media Pack NT CD-ROM and AIX CD-ROM   BE6F3NA
Select the appropriate feature numbers to customize your order with delivery options desired. These features can be specified on the initial or MES orders.
Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. For future updates, specify feature number 3480 to ship media updates only. If, in the future, publication updates are required, order an MES to remove feature number 3480; then, the publications will ship with the next release of the program.
                                                    Feature
Description                                         Number

Initial Shipments

Serial Number Only (suppresses shipment of media    3444
  and documentation)
Ship Media Only (suppresses initial shipment of     3470
  documentation)
Ship Documentation Only (suppresses initial         3471
  shipment of media)

Update Shipments

Ship Media Updates Only (suppresses update          3480
  shipment of documentation)
Ship Documentation Only (suppresses update          3481
  shipment of media)
Suppress Updates (suppresses update shipment of     3482
  media and documentation)

Expedite Shipments

Local IBM Office Expedite (for IBM use only)        3445
Customer Expedite Process Charge ($30 charge for    3446
  each product)
Expedite shipments will be processed to receive 72-hour delivery from the time IBM Software Delivery and Fulfillment (SDF) receives the order. SDF will then ship the order via overnight air transportation.
Terms and Conditions
The charges provided in this announcement are suggested retail prices for the U.S. only and are provided for your information only. Dealer prices may vary, and prices may also vary by country. Prices are subject to change without notice. For additional information and current prices, contact your local IBM representative.
                                                    Program
Program Name/Description                            Number     Charge

Firewall V4.2 DES/CDMF for NT Program Package,      11K7929    $2,079
  1 Gateway Install and 1 User
Firewall V4.2 for NT Gateway Install                11K7931     1,999
Firewall V4.2 for NT, 1 User                        11K7932        32
Firewall V4.2 for NT Unrestricted Users             11K7933    15,999
  per Gateway Install
Firewall V4.2 DES/CDMF for NT, 1 Gateway Install    11K5782     2,031
  and 1 User for Electronic SW Distribution
Firewall V4.2 DES/CDMF for AIX Program Package,     11K7919     2,079
  1 Gateway Install and 1 User
Firewall V4.2 for AIX, 1 Gateway Install            11K7921     1,999
Firewall V4.2 for AIX User                          11K7922        32
Firewall V4.2 for AIX Unrestricted Users            11K7923    15,999
  per Gateway Install
Firewall V4.2 DES/CDMF for AIX, 1 Gateway Install   11K5780     2,031
  and 1 User for Electronic SW Distribution

Upgrades

Firewall V4.2 DES/CDMF for NT Program Package       11K7930       625
  Upgrade from V3, V2, or Non-IBM Firewalls,
  1 Gateway Install and 1 User
Firewall V4.2 for NT, 1 Gateway Upgrade             11K7934       599
Firewall V4.2 for NT, 1 User Install Upgrade        11K7935        10
Firewall V4.2 for NT Unrestricted Users             11K7936     4,799
  per Gateway Install Upgrade
Firewall V4.2 DES/CDMF for NT Upgrade from V3, V2,  11K5783       625
  or non-IBM Firewalls, 1 Gateway Install and
  1 User for Electronic Software Distribution
Firewall V4.2 DES/CDMF for AIX Program Package      11K7920       625
  Upgrade from V3, V2, or Non-IBM Firewalls,
  1 Gateway Install and 1 User
Firewall V4.2 for AIX, 1 Gateway Upgrade            11K7924       599
Firewall V4.2 for AIX, 1 User Install Upgrade       11K7925        10
Firewall V4.2 for AIX Unrestricted Users            11K7926     4,799
  per Gateway Install Upgrade
Firewall V4.2 DES/CDMF for AIX Upgrade from V3,     11K5781       625
  V2, or non-IBM Firewalls, 1 Gateway Install
  and 1 User for Electronic Software Distribution
Note: For Passport Advantage charges, contact your IBM Lotus representative or authorized IBM Lotus Business Partner. Additional information is also available on the Passport Advantage:
Customer Financing: IBM Global Financing offers attractive financing to credit-qualified commercial and government customers and Business Partners in more than 40 countries around the world. IBM Global Financing is provided by the IBM Credit Corporation in the United States. Offerings, rates, terms and availability may vary by country. Contact your local IBM Global Financing organization. Country organizations are listed on the Web at:
Use Priority/Reference Code: YE001

Phone:     800-IBM-CALL
Fax:       800-2IBM-FAX
Internet:  firstname.lastname@example.org
Mail:      IBM Atlanta Sales Center
           Dept. YE001
           P.O. Box 2690
           Atlanta, GA 30301-2690
You can also contact your local IBM Business Partner or IBM representative. To identify them, call 800-IBM-4YOU.
Note: Shipments will begin after the planned availability date.