The BlueZone ICL emulator provides complete RFC1006 connectivity for BlueZone, allowing connection to hosts that are RFC1006 compliant. Optionally, Secure Sockets Layer security is available to ensure privacy and message integrity and to provide authentication.
RFC1006 configuration consists of the following tabs: Connections, Security, Certificate, Keep Alive, Trace, Firewall, and Security Server.

Connections tab
This dialog displays your Host Connection list and contains buttons for creating new connections as well as editing, removing and sorting them.

RFC 1006 Connections
• Connection List: This is a list of your configured hosts (if any). A total of 32 connections can be specified.
• New: Click to create new host sessions. When clicked, the Define New Connection dialog box appears with the following options:
  ♦ Connection Name: A unique name used to identify the collection of Connection settings.
  ♦ Host Address: Specifies the computer name (in Internet format, known as the DNS name) or the IP address, in either IPv4 or IPv6 format, of the host system.
  ♦ TCP Port: Specifies the TCP port number to which to connect. The default is 102.
  ♦ Remote TSAP Port: Specifies the Remote TSAP port number to which to connect. The default is 0.
  ♦ Local TSAP: Specifies the Local TSAP used for the connection.
  ♦ Remote TSAP: Specifies the Remote TSAP to which to connect.
  ♦ Backup Host: Specifies a second host connection to use if the first connection attempt fails.
  ♦ Connection Timer: Specifies the maximum amount of time (in seconds) to wait for the TN connection to complete.
  ♦ Bypass Firewall: If enabled, individual connections can bypass the global Firewall settings and connect directly to the host.
• Edit: Click to edit existing host connections that appear in the Connection List.
• Remove: Click to remove existing host connections from the Connection List.
• Sort: Click to sort the Connection List into alphabetical order.
• Use Connection Name as Session Description: If checked, the name that you gave to the active connection appears in the BlueZone title bar, immediately after the session number. This feature is useful if you have multiple hosts defined, you are not using the "Connections" drop-down list, and you want to know the name of the current connection.
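The TCP Port, Local TSAP and Remote TSAP settings above correspond to the ISO transport connection request that RFC 1006 carries over TCP port 102. The Python below is an added example, not BlueZone code: it builds a class-0 COTP Connection Request inside a TPKT frame from two TSAP selectors and parses such a frame back with every length checked before use. The selectors BZ01 and ICL and the source reference are constructed values.

```python
import struct

# Constants from RFC 1006 / ISO 8073 class 0 transport (written here, not BlueZone code).
TPKT_VERSION = 3
RFC1006_PORT = 102                 # the default TCP Port on the Connections tab
COTP_CR, COTP_CC = 0xE0, 0xD0      # Connection Request / Connection Confirm TPDU codes
P_TPDU_SIZE, P_CALLING_TSAP, P_CALLED_TSAP = 0xC0, 0xC1, 0xC2


def build_connect_request(local_tsap: bytes, remote_tsap: bytes,
                          src_ref: int = 1, tpdu_size: int = 0x0A) -> bytes:
    """Return a TPKT frame carrying a class-0 COTP CR with both TSAP selectors."""
    if not (1 <= len(local_tsap) <= 32 and 1 <= len(remote_tsap) <= 32):
        raise ValueError("TSAP selectors must be 1..32 bytes")
    params = bytes([P_TPDU_SIZE, 1, tpdu_size])                 # 0x0A = 1024-byte TPDUs
    params += bytes([P_CALLING_TSAP, len(local_tsap)]) + local_tsap
    params += bytes([P_CALLED_TSAP, len(remote_tsap)]) + remote_tsap
    # fixed part: TPDU code, DST-REF (0 on a CR), SRC-REF, class/options (class 0)
    body = struct.pack("!BHHB", COTP_CR, 0, src_ref, 0) + params
    cotp = bytes([len(body)]) + body                            # LI counts the bytes after itself
    return struct.pack("!BBH", TPKT_VERSION, 0, 4 + len(cotp)) + cotp


def parse_tpkt_cotp(frame: bytes) -> dict:
    """Decode a TPKT + COTP CR/CC header, rejecting truncated or inconsistent lengths."""
    if len(frame) < 4 or frame[0] != TPKT_VERSION:
        raise ValueError("not a TPKT frame")
    (total,) = struct.unpack("!H", frame[2:4])
    if total != len(frame) or total < 11:
        raise ValueError("TPKT length does not match received data")
    li = frame[4]
    hdr = frame[5:5 + li]
    if len(hdr) != li or li < 6:
        raise ValueError("truncated COTP header")
    code = hdr[0] & 0xF0                                        # low nibble is CDT on a CR/CC
    dst_ref, src_ref = struct.unpack("!HH", hdr[1:5])
    params, i = {}, 6
    while i < li:                                               # walk the variable part
        if i + 2 > li or i + 2 + hdr[i + 1] > li:
            raise ValueError("malformed COTP parameter")
        params[hdr[i]] = hdr[i + 2:i + 2 + hdr[i + 1]]
        i += 2 + hdr[i + 1]
    return {"code": code, "dst_ref": dst_ref, "src_ref": src_ref,
            "calling_tsap": params.get(P_CALLING_TSAP),
            "called_tsap": params.get(P_CALLED_TSAP),
            "tpdu_size": params.get(P_TPDU_SIZE)}


if __name__ == "__main__":
    frame = build_connect_request(b"BZ01", b"ICL")              # constructed selectors
    print(frame.hex(), parse_tpkt_cotp(frame))
```

A host that accepts the request answers with a Connection Confirm (code 0xD0) in the same layout, so the same parser applies to the reply.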
Security tab
All BlueZone emulator clients support the SSL protocol through the BlueZone Security Server or any SSL-enabled Telnet connection, including IBM Communications Server for NT (SSL v3 only), OS/390, and the iSeries V4R4. BlueZone clients may be pre-configured for distribution with SSL enabled, eliminating the need for any end-user intervention in the installation or configuration of BlueZone.

Security Options
• Enable Secure Sockets Layer: Specifies whether the TCP connection to the host must be encrypted using SSL.
• Preferred Cipher Suite: If you have a preference, select a Cipher Suite from the list box. Otherwise, leave it set to None.

Invalid Certificates
Specifies how to handle an invalid server certificate. Options include:
• Always Reject: Specifies that an invalid server certificate must always be rejected.
• Ask Before Accepting: Specifies that the user must be asked whether to accept an invalid server certificate.
• Always Accept: Specifies that an invalid server certificate must always be accepted.

SSL Version
Specifies which version of the SSL protocol must be used. Options include:
• SSL v3: (Default) Specifies that SSL version 3 must be used.
• TLS v1: Specifies that TLS version 1 must be used.
Note: SSL v3 and TLS v1 are nearly identical. TLS v1 is preferred.
Certificate tab
Client Certificate
These parameters specify the type of Client Certificate to use, if any. Enable Secure Sockets Layer on the Security tab must be enabled in order for Client Certificate support to be active.
• No Client Certificate: Specifies that a client certificate must not be presented.
• Client Certificate in Disk File: Specifies that a client certificate must be presented.
  ♦ Certificate File: Specifies the path to the Certificate File.
    § View: Click to view the certificate.
    § Browse: Click to locate the Certificate File.
  ♦ Private Key File: Specifies the path to the Private Key File.
    § Browse: Click to locate the Private Key File.
• Client Certificate in Certificate Store: Specifies that a client certificate must be presented that is located in the Certificate Store.
  ♦ Common Name: Specifies the path to the Common Name File.
    § View: Click to view the certificate.
    § Browse: Click to display a list of certificates in the Certificate Store.
• Client Certificate on Smart Card: Specifies that a client certificate stored on a Smart Card must be presented.

Root Certificates
These parameters specify which Root Certificate store to use: the one provided by OpenSSL or the one provided by Windows.
• Use OpenSSL Root Certificates: (Default) If selected, the Root Certificates provided by OpenSSL are used.
• Use Windows Root Certificates: If selected, BlueZone looks for a file called rootcerts.pem in the end user's bluezone\certs directory. If it doesn't exist, BlueZone automatically exports the root certificates from Windows and stores them there, giving a message such as "109 root certificates were exported".
  ♦ Update Root Certificates: Click to manually export the certificates. If you connect and are presented with an untrusted host root certificate, and check the box to add it to the trusted list, BlueZone imports it into the Windows root store (which can produce a Windows message asking for confirmation) and then exports the root store again to disk, producing a message such as "109 root certificates were exported". Once this has been performed, subsequent connections connect without messages.
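To show what the Windows root-certificate export above produces, here is an added Python example (not BlueZone's own code): it reads the Windows ROOT store through the standard-library ssl.enum_certificates call, writes it as a PEM bundle in the rootcerts.pem style, and returns the count that an "N root certificates were exported" message would report. build_root_bundle takes any list of (DER bytes, encoding, trust) tuples in the shape enum_certificates yields, so it can be exercised with constructed entries on a non-Windows machine.

```python
import base64
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def der_to_pem(der: bytes) -> str:
    """Wrap one DER-encoded certificate as PEM (base64 in 64-character lines)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


def build_root_bundle(entries) -> tuple:
    """Turn (cert_bytes, encoding_type, trust) tuples, as ssl.enum_certificates
    yields them, into one PEM bundle. Returns (pem_text, exported_count).
    Only raw X.509 DER entries ("x509_asn") are exported; PKCS#7 blobs are skipped
    because a PEM CERTIFICATE block must hold exactly one certificate."""
    pem, count = [], 0
    for cert, encoding, _trust in entries:
        if encoding != "x509_asn":
            continue
        pem.append(der_to_pem(cert))
        count += 1
    return "".join(pem), count


def export_windows_root_store(path: str) -> int:
    """Write the Windows ROOT store to a rootcerts.pem-style file and return the
    number exported. Windows only: ssl.enum_certificates reads the system store."""
    pem, count = build_root_bundle(ssl.enum_certificates("ROOT"))
    with open(path, "w", newline="\n") as fh:
        fh.write(pem)
    return count


if __name__ == "__main__":
    # Constructed two-entry "store" standing in for the Windows ROOT store.
    sample = [(b"\x30\x03\x02\x01\x01", "x509_asn", True), (b"\x30\x00", "pkcs_7_asn", True)]
    text, n = build_root_bundle(sample)
    print(f"{n} root certificates were exported")
    print(text, end="")
```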
Keep Alive tab
Timer Options
These parameters specify whether the client must send keep-alive messages to the server to keep the TN3270E session active:
• Disable: (Default) Disables keep-alive messages.
• Use NOP: Uses the Telnet NOP (No Op) for keep-alive messages.
• Use Timing Mark: Uses the Telnet Timing Mark (TM) for keep-alive messages.
• Timer Value (Minutes): Specifies the time interval (in minutes) for sending keep-alive messages.
Trace tab
These parameters specify the interfaces to be traced and the file name to which the trace file is written. The trace files are in ASCII text format and can be viewed with Notepad or WordPad. Refer to Capturing BlueZone traces for more information.

Trace Options
• Trace Sockets Interface: Traces the data as it passes through the Winsock interface from the network connection.
• Trace RUI Interface: Traces the data as it passes between the TN3270E driver and the BlueZone terminal session.
• Trace SSL Connection: Traces the data as it passes through the Secure Sockets Layer component of the TN3270E driver.
• Trace File: Specifies the file name to which the trace file is written.
  ♦ Browse: Displays a dialog used to select the directory and file name. BlueZone provides a Traces directory in the BlueZone installation directory.
  CAUTION: This must be a valid path or the trace feature does not work.
• Trace Viewer: Specifies the program that is used to read the trace file after it has been captured and written.
  ♦ Browse: Displays a dialog used to select the directory and file name.
• Start Trace: Used to manually start the trace.
• Stop Trace: Used to stop the trace.
• View Trace: Used to view the trace. BlueZone automatically uses the Trace Viewer program specified above.
Firewall tab
The Firewall tab allows the configuration of Firewall and Proxy Server sign-on systems.

Firewall Options
• Connect Through Firewall or Proxy Server: Check to enable this feature.
• Firewall Type: Select the Firewall Type from the drop-down list box.
• Firewall Address: Type the IP address of the Firewall.
• Port: Type the Port number used by the Firewall.
• Timeout: Type the appropriate Timeout value.
• User Name: Type the appropriate User Name.
• Password: Type the appropriate Password.
• Domain: Type the appropriate Domain.
Note: If you selected NVT Proxy or Firewall, then you must provide the following prompts:
  ♦ Host Name Prompt: Type the firewall prompt, or a unique portion of the prompt, for the host name that the firewall is expecting, for example "Enter host name". If this prompt is detected, the Host Address from the Connections tab is sent.
  ♦ User Name Prompt: Type the firewall prompt, or a unique portion of the prompt, for the user name that the firewall is expecting, for example "Enter user name". If this prompt is detected, the User Name field is sent.
  ♦ Password Prompt: Type the firewall prompt, or a unique portion of the prompt, for the password that the firewall is expecting, for example "Enter password". If this prompt is detected, the Password field is sent.
  ♦ Connected Prompt: Type the firewall prompt, or a unique portion of the prompt, of the connection message, for example "Connected" or "Connected to host". If this prompt is detected, the firewall connection is considered to be complete and the Telnet negotiation begins.
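The prompt matching described for NVT Proxy or Firewall sign-on, as an added Python example rather than BlueZone's own logic: it buffers the text received from the firewall, answers each configured prompt once with the corresponding configured value (Host Address, User Name, Password), and stops matching at the Connected Prompt, after which Telnet negotiation would begin. The idle timeout follows the Timeout semantics given under the Security Server tab. The gateway banner, prompt strings and credential values are constructed placeholders.

```python
class NvtSignOn:
    """Client-side matcher for the NVT proxy/firewall sign-on dialog."""

    def __init__(self, prompts, replies, timeout_seconds):
        self.prompts = prompts        # keys: host, user, password, connected
        self.replies = replies        # keys: host, user, password
        self.timeout = timeout_seconds
        self.buffer = ""              # text received since the last matched prompt
        self.answered = set()         # each prompt is answered exactly once
        self.connected = False

    def feed(self, text):
        """Add received NVT text; return the line to send back, or None."""
        self.buffer += text
        if self.prompts["connected"] in self.buffer:
            self.connected, self.buffer = True, ""   # Telnet negotiation begins
            return None
        for key in ("host", "user", "password"):     # answered in arrival order
            prompt = self.prompts.get(key)
            if prompt and key not in self.answered and prompt in self.buffer:
                self.answered.add(key)
                self.buffer = ""      # prompt consumed; wait for the next one
                return self.replies[key] + "\r\n"
        return None

    def assume_traversed(self, idle_seconds):
        """Timeout rule: no prompt within the timeout means the firewall did not
        challenge (it authenticated this user earlier), so carry on connecting."""
        return not self.connected and idle_seconds >= self.timeout


def run_dialog(session, received_chunks):
    """Replay received text chunks through the matcher; return what was sent."""
    sent = []
    for chunk in received_chunks:
        reply = session.feed(chunk)
        if reply is not None:
            sent.append(reply)
    return sent


# Constructed configuration and firewall output (placeholders, not real systems).
PROMPTS = {"host": "Enter host name", "user": "Enter user name",
           "password": "Enter password", "connected": "Connected to host"}
REPLIES = {"host": "mainframe.example.internal", "user": "operator1",
           "password": "PASSWORD-PLACEHOLDER"}
FIREWALL_OUTPUT = ["Gateway ready\r\nEnter host", " name: ",        # prompt split across reads
                   "Enter user name: ", "Enter password: ", "Connected to host\r\n"]

if __name__ == "__main__":
    s = NvtSignOn(PROMPTS, REPLIES, timeout_seconds=10)
    print(run_dialog(s, FIREWALL_OUTPUT), s.connected)
```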
Security Server tab
The Security Server tab is used to configure BlueZone to use the BlueZone Security Server as a Proxy Server to multiple hosts. This feature enables you to support connecting to multiple "back end" hosts through a single port in the BlueZone Security Server while using HTTPS tunneling in BlueZone.

Security Server Options
• Use Security Server to proxy to Multiple Hosts: Check to enable this feature.
• Proxy Type: Select the desired Proxy Type from the list box.
• Security Server Address: Type the IP address of the Security Server.
• Port: Type the Port being used by the Security Server for these connections.
• Timeout: The time (in seconds) after which, if a prompt from the Firewall has not been received, BlueZone assumes that the Firewall has been traversed and proceeds with the next stage of the connection process. This is required for Firewalls which authenticate a user once but then do not re-authenticate on subsequent connections within a certain time period.