Policy activation - 7.0

Assure Security Illumio Implementation Guide

Product type: Software
Portfolio: Integrate
Product family: Assure
Product name: Assure Security
Product:
  • Assure Security > Assure Elevated Authority Manager (EAM)
  • Assure Security > Assure Encryption
  • Assure Security > Assure Secure File Transfer
  • Assure Security > Assure Monitoring and Reporting (AMR)
  • Assure Security > Assure Security Multi-Factor Authentication (MFA)
  • Assure Security > Assure DB2 Data Monitor (DB2MON)
  • Assure Security > Assure Security Risk Assessment (SRA)
  • Assure Security > Assure System Access Manager (SAM)
  • Assure Security > Assure Secure File Transfer with PGP
Version: 7.0
Locale: en-US
Copyright: 2025
First publish date: 2025
Last edition: 2025-06-03
Last publication: 2025-06-03T12:57:58.093000

 

Note: It is important to ensure that you configure the correct logging policy for your needs.

When you are comfortable with SAM policy, do the following:

  1. Determine the logging policy.
    • If you want everything logged (as it is now), leave the settings as they are (Log=Y on the 2 points and 4 controls).

    • If you want to log rejections only, leave the 2 points with Log=Y and set the 4 controls to Log=N.

    • You may decide on other combinations depending on your logging policy/decision.

  2. Remove the exit point(s) from simulation mode. This can be done using a menu option or a command.

    Note: When simulation mode is removed, SAM will start rejecting connections that are not allowed by the Illumio policy. This should only be done once you have confirmed that the Assure SAM condition lists are correct by reviewing the log to check that there are no recent rejections that should be authorized.

    To remove simulation mode using a menu option, follow these steps:

    1. Select option 40 from the Assure System Access Manager menu (SECACCESS) to access the Administration menu (CONTROLAD).

    2. Select option 14 to open the Work with SAM Values screen.

    3. Change the “Lock simulation mode” field to ‘N’. Press Enter three times to update/validate the first screen and get through the second screen.

      Note: This option can be returned to ‘Y’ after changing the Simulation mode field on the Points if desired.
    4. Select option 1 from the Assure System Access Manager menu (SECACCESS) to access the Work with SAM Points screen.

    5. Select option 2=Modify for the point you want to change. Update the “Simul mode” field to ‘N’. Press Enter twice to update/validate and exit this point. Repeat this process for the second point if desired.

    To remove simulation mode via commands, follow these steps:

    1. Run the WRKQXVAL command.

    2. Change the “Lock simulation mode” field to ‘N’. Press Enter three times to update/validate the first screen and get through the second screen.

      Note: This option can be returned to ‘Y’ after changing the Simulation mode field on the Points if desired.
    3. Run the following commands:

      • Remove simulation mode for SCK_ACCEPT:
        CHGQXPNTA PNT(SCK_ACCEPT) SIMUL(*NO)
      • Remove simulation mode for SCK_CONNEC:
        CHGQXPNTA PNT(SCK_CONNEC) SIMUL(*NO)
    Note: If, for any reason, traffic is being blocked unexpectedly, run the following commands to put the points back in simulation mode:
    CHGQXPNTA PNT(SCK_ACCEPT) SIMUL(*YES)
    CHGQXPNTA PNT(SCK_CONNEC) SIMUL(*YES)