--- doc/build/RHEL7_install.frag	2019/12/03 00:46:07	1.4
+++ doc/build/RHEL7_install.frag	2021/03/13 20:58:10	1.5
@@ -89,9 +89,22 @@ Finish installing your server, reboot it
 </p>
 <h3>Firewall Configuration</h3>
 <p>
-LON-CAPA uses the traditional iptables package instead of the recent Firewalld, included for the
-first time with RHEL7.  Accordingly, you should install iptables-services, disable firewalld,
-and enable iptables.  
+Starting with LON-CAPA 2.11.3 you have the option of using either firewalld or iptables to
+manage the Firewall on your RHEL7 server/VM, as both are compatible with LON-CAPA's
+port management.</p>
+<p>Enable access to standard web server ports (i.e., http and https) as follows if using
+firewalld:</p>
+<pre>
+systemctl enable firewalld
+systemctl start firewalld
+firewall-cmd --zone=public --permanent --add-service=http
+firewall-cmd --zone=public --permanent --add-service=https
+firewall-cmd --reload
+</pre>
+<p>If you prefer to use the traditional iptables package instead of the default firewalld,
+you will need to install iptables-services, disable firewalld, enable iptables, and then
+use the system-config-firewall-tui tool to configure the Firewall.
+</p>
 <pre>
 yum install iptables-services
 systemctl mask firewalld
@@ -100,13 +113,26 @@ systemctl enable ip6tables
 systemctl stop firewalld
 systemctl start iptables
 systemctl start ip6tables
+</pre>
+<p>
+If you have a subscription to Red Hat you can use subscription-manager to enable the
+rhel-7-server-optional-rpms, and then install system-config-firewall-tui.
+</p>
+<pre>
+subscription-manager repos --enable rhel-7-server-optional-rpms
+yum install system-config-firewall-tui
+</pre>
+<p>If your server/VM does not currently have a Red Hat subscription you can install wget,
+then download system-config-firewall-tui from the LON-CAPA installation site and install it.
+</p> 
+<pre> 
 yum install wget
 rpm --import http://install.loncapa.org/versions/redhat/RPM-GPG-KEY-loncapa
 wget http://install.loncapa.org/versions/redhat/7Server/system-config-firewall-tui-1.2.29-10.el7.noarch.rpm
 yum localinstall system-config-firewall-tui-1.2.29-10.el7.noarch.rpm
 </pre>
 <p>
-The system-config-firewall-tui tool should be used to configure the Firewall.
+If using iptables, use the system-config-firewall-tui tool to configure the Firewall.
 </p>
 <pre>
 system-config-firewall-tui
@@ -139,6 +165,7 @@ Reboot your system before continuing wit
 Retrieve the rhel7_loncapa_yum file from the LON-CAPA install site:
 </p>
 <pre>
+yum install wget
 wget http://install.loncapa.org/versions/redhat/7Server/rhel7_loncapa_yum.conf
 </pre>
 <p>