IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).



Status Delivered
Workspace IBM i
Created by Guest
Created on Oct 5, 2018

OS400 NetBIOS protocol to be disabled while allowing CIFS to work

NetBIOS protocol has been deprecated for security reasons and, per internal security policy, we need to disable it.
This problem is already known to IBM: https://www-01.ibm.com/support/docview.wss?uid=nas8N1020677
Opening an RFE in order to restrict the NetBIOS ports and let the NetServer work only on the CIFS port.


Use Case:

Our business users currently use CIFS on our OS400 (version 7.1). We need to improve security by disabling NetBIOS while keeping CIFS working, but currently NetServer needs both NetBIOS and CIFS to be active at the same time to permit fileshare services.


Idea priority High
  • Guest
    Jun 13, 2019

    This function is included with IBM i 7.4 release, which will be generally available on June 21, 2019.

    The support provided allows NetServer to start while the NetBIOS ports are restricted with the TCP/IP port restriction function. With this environment, NetServer will only accept connections over port 445.

    The following commands will restrict the NetBIOS ports:
    ADDTCPPORT PORT(137 139) PROTOCOL(*UDP) USRPRF(QSECOFR)
    ADDTCPPORT PORT(137 139) PROTOCOL(*TCP) USRPRF(QSECOFR)

    This support has also been made available in 7.2 and 7.3 with the following PTFs.
    7.2 -- SI69106
    7.3 -- SI69107

    The text of the PTF cover letters is as follows. Please read carefully to understand the impacts.

    OSP-INCORROUT Allow IBM i NetServer to start without NetBIOS

    DESCRIPTION OF PROBLEM FIXED FOR APAR 'SE70621' :
    -------------------------------------------------
    IBM i NetServer requires NetBIOS support for the server to
    start. NetBIOS is often flagged as a security vulnerability in
    network security scans. If the user blocks NetBIOS ports
    137-139 with port restrictions, NetServer will not start.

    CORRECTION FOR APAR 'SE70621' :
    -------------------------------
    IBM i NetServer has been updated to allow the server to start
    when ports 137-139 are blocked with port restrictions.
    NetServer will send a warning message to the QSYSOPR message
    queue to indicate that NetBIOS services are not available, but
    the server job will start and accept TCP connections on port
    445.

    The IBM i NetClient file system (QNTC) relies on NetBIOS
    services to auto-populate the /QNTC path with servers. Server
    names will not be automatically added to the /QNTC path if the
    NetBIOS ports are restricted. Servers can be added to the /QNTC
    path manually with the Create Directory (MKDIR) command after
    each system IPL. For example, MKDIR DIR('/QNTC/MyServer').

    It is recommended that NetServer browse announcement support is
    disabled when NetBIOS is blocked to prevent periodic LIC log
    entries related to browse announcements.
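
A client-side check for the state described in the PTF cover letter above (NetServer answering on port 445 only), as an added example that is not part of the original thread and not IBM's code. The function names and verdict strings are assumptions; only TCP is probed, so the UDP side of the restriction still has to be confirmed on the system itself.

```python
import socket

# Port roles taken from the page: 137-139 are the NetBIOS ports,
# 445 is the port NetServer keeps accepting connections on.
NETBIOS_SESSION_PORT = 139
SMB_DIRECT_PORT = 445


def tcp_accepts(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out, or unreachable: treated as not accepting.
        return False


def assess_netserver(host, netbios_port=NETBIOS_SESSION_PORT,
                     smb_port=SMB_DIRECT_PORT, timeout=2.0):
    """Classify a host against the post-restriction state.

    The ports are parameters only so the logic can be exercised against
    a local test listener; the defaults are the real service ports.
    """
    netbios_open = tcp_accepts(host, netbios_port, timeout)
    smb_open = tcp_accepts(host, smb_port, timeout)
    if smb_open and not netbios_open:
        verdict = "ok: SMB reachable on 445 only"
    elif smb_open and netbios_open:
        verdict = "netbios still reachable: port restriction not in effect"
    elif netbios_open:
        verdict = "unexpected: NetBIOS session port open but 445 closed"
    else:
        verdict = "netserver unreachable: not started or filtered in transit"
    return {"netbios_open": netbios_open, "smb_open": smb_open,
            "verdict": verdict}


if __name__ == "__main__":
    import sys
    # Usage: python check_netserver.py <host you administer>
    if len(sys.argv) == 2:
        print(assess_netserver(sys.argv[1]))
```
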

  • Guest
    Oct 22, 2018

    Hi,

    Good news: I believe you can disable NetBIOS whilst leaving CIFS running by following the following IBM guidance:
    http://www-01.ibm.com/support/docview.wss?uid=nas8N1020677

    Bad news: If you are still running IBM i 7.1 and using NetServer, you have a much bigger problem, namely you have to have SMBv1 supported on your network! Whilst I do not believe IBM i is not vulnerable to SMBv1 exploits like EternalBlue (https://en.wikipedia.org/wiki/EternalBlue), I believe that most every other operating system you have connecting to it is.

    If this is the case, I believe you would be well advised to move to 7.2 or greater of IBM i (I know not of this OS/400 of which you speak ;->), where the same guidance given to disable NetBIOS applies but you can also disable SMBv1.

    Hope that helps. Steve

  • Guest
    Oct 8, 2018

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - Power Systems
    Product - IBM i
    Component - IFS (Integrated File System) and Servers
    Operating system - IBM i
    Source - None

    For record keeping, the previous attributes were:
    Brand - Servers and Systems Software
    Product family - Power Systems
    Product - IBM i
    Component - Networking
    Operating system - IBM i
    Source - None

  • Guest
    Oct 8, 2018

    You could use the built-in OS/400 firewall for doing so.