Create a session endpoint filter

The following are two different methods for creating a session endpoint filter on the CHICAGO system in the figure below. They must satisfy the following requirements:

• Only the FINANCE location can establish a session with the PAYROLL location.
• The CHICAGO location can communicate with any USANET location except PAYROLL.
• The CHICAGO location can communicate with LONDON.

Figure 12. Two connected APPN networks

• Using the QAPPNSSN and QAPPNRMT configuration lists together:

  The most secure method for creating a session endpoint filter is to use the QAPPNSSN configuration list and the QAPPNRMT configuration list together. The QAPPNRMT configuration list provides password security between systems, which helps to protect from an imposter system (a system or user that is pretending to be another system).

  When you use this method, you create the QAPPNSSN configuration list that does not specify any remote locations. It points to the QAPPNRMT configuration list.

  The drawback to this method is that you must explicitly define each location pair on the QAPPNRMT configuration list. If you want the CHICAGO location (which is on the same system as the PAYROLL location) to communicate with other locations, you need to add an entry for each pair.

• Using the QAPPNSSN configuration list by itself:

  When you specify remote locations in the QAPPNSSN configuration list, your configuration task is simpler because you can use generic names and wildcard entries. However, when you use this method, you do not have the protection of password verification between locations. In addition, when you use generic names and wildcards, the system might accept or reject requests in a different way than you intended.