Memo to Users for APAR PI80912 Firewall Friendly FTP Client With the PTF for APAR PI80912, the z/VM FTP client is updated to improve interaction in configurations which require traversing firewalls. This support includes some design changes as well as updates to default behavior. The updates that have been made are as follows: - A new FWFRIENDLY configuration statement has been added to the FTP DATA file. When specified as TRUE, data connections will default to passive mode (EPSV/PASV). When specified as FALSE, data connections will use active mode (PORT). This statement only impacts IPv4 connections. TRUE is the default. - New FWFRIENDLY and NOFWFRIENDLY options have been added to the LOCSITE subcommand to manipulate the active/passive setting once a connection has been established. These options are preferred over using the PASSIVE subcommand. - The behavior of the PASSIVE subcommand has been altered slightly. Now, the first time the PASSIVE subcommand is issued, data connections will be placed into passive mode (regardless of the current setting). Subsequent uses of the PASSIVE subcommand on the same connection will toggle the active/passive state. - The output from the LOCSTAT subcommand has been updated to display the current FWFRIENDLY and EPSV4 settings for IPv4 connections. - Logic has been changed such that when extended FTP commands are in use (IPv4 connections with EPSV4 TRUE or any IPv6 connections), the EPSV command will always be used, regardless of the active/passive state. The following documentation changes will be made available on August 25th and the details can be found in the z/VM V6R4 Library in IBM Knowledge Center at https://www.ibm.com/support/knowledgecenter/SSB27U_6.4.0/ com.ibm.zvm.v640/zvminfoc03.htm Publication title: TCP/IP User's Guide Chapter 2. Transferring Files Using FTP - Added documentation of the new FWFRIENDLY configuration statement in the FTP DATA file as follows: The FWFRIENDLY statement specifies whether the FTP client will initially use passive connections for data transfers. Note: Since IPv6 data connections are always passive, this statement only affects IPv4 connections ---FWFRIENDLY--TRUE---- | | >>------------------------------>< | | ---FWFRIENDLY---TRUE--- | | --FALSE-- OPERANDS: TRUE Turns on passive data transfers, which means the FTP client will initiate data transfers. This is the default. FALSE Turns off passive data transfers, which means the FTP server will initiate data transfers. - The description of the EPSV4 operand of the LOCSITE command was updated to clarify the statement only applies to IPv4 connections - The description of the NOEPSV4 operand of the LOCSITE command was updated to clarify the statement only applies to IPv4 connections - A description of the new FWFRIENDLY operand of the LOCSITE command was added. This operand only applies to IPv4 connections and will enable passive data transfers. - A descripton of the new NOFWFRIENDLY operand of the LOCSITE command was added. This operand only applies to IPv4 connections and will disable passive data transfers. - The example output in the LOCSTAT command has been updated to show the settings for FWFRIENDLY and EPSV4. - A note is added to the description of the PASSIVE subcommand to indicate that the LOCSITE FWFRIENDLY/NOFWFRIENDLY subcommand is the preferred method for managing the data transfer mode. - A usage note is added to the description of the PASSIVE subcommand describing its updated behavior. The initial data transfer setting is governed by the FWFRIENDLY setting. The first issuance of the PASSIVE subcommand will enable passive data transfers. Subsequent uses will toggle the active/passive data transfer setting. - A usage note is added to the description of the SENDPORT command to clarify that it is ignored when passive data transfer mode is enabled. - Clarifications were made to the SENDPORT documentation to remove references to the EPRT FTP command. Publication title: TCP/IP Messages and Codes Chapter 2. FTP Messages - The following message is added to the FTP Client Unumbered Messages section: FWFRIENDLY value value is not valid. Default value used _____ Explanation: The specified value used on the FWFRIENDLY FTP DATA config- uration file statement is not valid. The default value of TRUE is used. Valid values are TRUE and FALSE. System response: Program execution continues. User response: If necessary, terminate the FTP session and correct the FWFRIENDLY keyword value in the FTP DATA file. Module: FTBVMSUB PASCAL Severity: Informational. Procedure Name: ReadVMFtpData Publication title: TCP/IP Diagnosis Guide Chapter 9. FTP Traces - The FTP Connection section is updated to reflect the current operation of the FTP client and server. - The FTP Client Traces section is updated to provide a current version of a client trace with updated descriptions.