I'm sorry, but are you asking for a firewall package that runs on a
mainframe? ('scuse me for a second) <pause>
O.K., I'm back. <g>
If you really want to put a firewall on a mainframe, load TCP/IP for VM
or MVS, create a machine partition via VM or MVS, establish
ESCON/Bus&Tag device connections with a Cisco 7000 series or BTI box,
load (Hitachi) OSF/1 on the partition, then experiment with FWTK which
does run on a mainframe. Be forewarned though, that I/O on a mainframe
is very expensive IP-wise (CPU in mainframe-speak). Offloading the
TCP/IP stack processing onto a Cisco 7000 CIP card helps a bit, but I
haven't seen how it affects FWTK. Both inbound and outbound connections
have to pass through (17MB/sec) escon or Bus&Tag connections, since
there are no machine<->machine internal TCP/IP communications on the
Machine partitions on mainframes is generally B1 certified, though
covert channels are possible by fluctuating the CPU load. As if you
There is no advantage to running a firewall inside a mainframe
partition, other than you can write off the time spent as a real
>From: Eriktauber[SMTP:Eriktauber @
>Sent: Friday, December 12, 1997 7:01 AM
>To: Stout, William
>Subject: Firewall/Mainframe info
>I am looking for information about firewall protection for mainframes.
>Also, I need data about how to secure a site that has an Internet connection
>and mainframe boxes, mainly IBM 3090 from an outside attack.
>It seems that all of the literature about firewalls deal only in the Unix/NT
>realm and ignore the mainframe world.
>Any help about where such info could be found is appreciated.