Symantec Privileged Access Management

  • Private Community

  • 1.  Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8

    Posted Feb 09, 2018 02:58 PM

    If so what is the configuration needed to make it work correctly.



  • 2.  Re: Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8

    Posted Feb 13, 2018 07:17 PM

    Bump. Anyone?



  • 3.  Re: Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8
    Best Answer

    Broadcom Employee
    Posted Feb 14, 2018 01:54 PM

    Hello Dan, It should work with QWS and a secure connection. When you define the TCP service with application protocol TELNET, PAM 3.1.1 brings up an additional Mainframe Protocol selection, which includes TN3270-SSL. In the Ports section you would specify the secure port rather than 23. The client application example given in our online documentation at https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/implementing/provision-your-server/provisioning-devices/about-access-setup/create-tcp-udp-services is "C:\Downloads\QWS 3270\QWS3270.exe <Local IP> <First Port>", where <Local IP> will resolve to the local IP defined in the service, and <First Port> will be the port after the colon in the Ports field, which would be 23232 in the picture below, which is just for illustration, not a tested service. In the picture port 23001 would be the port on the mainframe. Did you try this already and found it not to work?

     



  • 4.  Re: Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8

    Posted Feb 16, 2018 11:44 AM
      |   view attached

    Ralf,

    We go to an NSSM screen not directly to LPAR is that an issue?

     

     

    Daniel Yodice

     

    InfoSec Analyst

    201-828-7061 Atlas 283-7061

     



  • 5.  Re: Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8

    Broadcom Employee
    Posted Feb 16, 2018 02:13 PM

    Dan, I don't really understand what you are saying, but if you are referring to a case where when you launch the client you are not getting to the login page directly, but have to either acknowledge another page first, or maybe enter a command or other information that then gets you to the login page, auto-login should still work. The auto-login logic keeps looking for a page/screen that fulfils three requirements:

    1) The screen has at least two input fields

    2) 1st field is a visible input field (username input field)

    3) 2nd field is an invisible input field (password input field)

    The first time you get to such a screen, the first field will be populated with the username, and the second with the password of the account configured/selected for auto-login. After that it will no longer be active.

    Does that answer your question, or did I misunderstand?



  • 6.  Re: Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8

    Posted Feb 16, 2018 03:39 PM

    Ralf,

    It is a TPX menu we use at UPS. Screen Shot below. Nothing populates in the user field when I try. I will try to get screen shots from my lab environment.

     

     

     

     

     

     

    Daniel Yodice

     

    InfoSec Analyst

    201-828-7061 Atlas 283-7061

     



  • 7.  Re: Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8

    Broadcom Employee
    Posted Feb 16, 2018 04:36 PM

    I wonder whether the clickable URL is detected as an input field, in which case the logic mentioned above would not regard this a login screen. Please open a support case so we can investigate in detail.



  • 8.  Re: Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8

    Posted Feb 19, 2018 12:56 PM
      |   view attached

    Ralf,

    I opened a case.

    00966845

     

    Dan

     

    Daniel Yodice

     

    InfoSec Analyst

    201-828-7061 Atlas 283-7061

     



  • 9.  Re: Does 3270 autoconnect feature in 3.1.1 work with QWS Secure v. 4.8

    Broadcom Employee
    Posted Apr 30, 2018 03:46 PM

    For reference, there was a problem with the auto-login logic not working for Dan's login screen that is resolved in PAM 3.2, which is released now.