--- doc/build/RHEL7_install.frag	2014/06/30 16:28:32	1.3
+++ doc/build/RHEL7_install.frag	2021/03/13 20:58:10	1.5
@@ -89,9 +89,22 @@ Finish installing your server, reboot it
 </p>
 <h3>Firewall Configuration</h3>
 <p>
-LON-CAPA uses the traditional iptables package instead of the recent Firewalld, included for the
-first time with RHEL7.  Accordingly, you should install iptables-services, disable firewalld,
-and enable iptables.  
+Starting with LON-CAPA 2.11.3 you have the option of using either firewalld or iptables to
+manage the Firewall on your RHEL7 server/VM, as both are compatible with LON-CAPA's
+port management.</p>
+<p>Enable access to standard web server ports (i.e., http and https) as follows if using
+firewalld:</p>
+<pre>
+systemctl enable firewalld
+systemctl start firewalld
+firewall-cmd --zone=public --permanent --add-service=http
+firewall-cmd --zone=public --permanent --add-service=https
+firewall-cmd --reload
+</pre>
+<p>If you prefer to use the traditional iptables package instead of the default firewalld,
+you will need to install iptables-services, disable firewalld, enable iptables, and then
+use the system-config-firewall-tui tool to configure the Firewall.
+</p>
 <pre>
 yum install iptables-services
 systemctl mask firewalld
@@ -100,13 +113,26 @@ systemctl enable ip6tables
 systemctl stop firewalld
 systemctl start iptables
 systemctl start ip6tables
+</pre>
+<p>
+If you have a subscription to Red Hat you can use subscription-manager to enable the
+rhel-7-server-optional-rpms, and then install system-config-firewall-tui.
+</p>
+<pre>
+subscription-manager repos --enable rhel-7-server-optional-rpms
+yum install system-config-firewall-tui
+</pre>
+<p>If your server/VM does not currently have a Red Hat subscription you can install wget,
+then download system-config-firewall-tui from the LON-CAPA installation site and install it.
+</p> 
+<pre> 
 yum install wget
 rpm --import http://install.loncapa.org/versions/redhat/RPM-GPG-KEY-loncapa
 wget http://install.loncapa.org/versions/redhat/7Server/system-config-firewall-tui-1.2.29-10.el7.noarch.rpm
 yum localinstall system-config-firewall-tui-1.2.29-10.el7.noarch.rpm
 </pre>
 <p>
-The system-config-firewall-tui tool should be used to configure the Firewall.
+If using iptables, use the system-config-firewall-tui tool to configure the Firewall.
 </p>
 <pre>
 system-config-firewall-tui
@@ -121,6 +147,12 @@ system-config-firewall-tui
 
 <h2>4. <a name="upd">Update your system</a></h2>
 <p>
+Enable access to the EPEL repository
+</p>
+<pre>
+yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+</pre>
+<p>
 Update your system to the latest versions of the system software using yum.
 </p>
 <pre>
@@ -133,6 +165,7 @@ Reboot your system before continuing wit
 Retrieve the rhel7_loncapa_yum file from the LON-CAPA install site:
 </p>
 <pre>
+yum install wget
 wget http://install.loncapa.org/versions/redhat/7Server/rhel7_loncapa_yum.conf
 </pre>
 <p>
@@ -143,6 +176,23 @@ mv /etc/yum.conf /etc/yum.conf.backup
 cp rhel7_loncapa_yum.conf /etc/yum.conf
 yum update
 </pre>
+<p>
+Verify the required repositories are enabled:
+</p>
+<pre>
+yum repolist enabled
+</pre>
+<p>
+The list of enabled repos should be as follows:
+</p>
+<table style="border: 0px; border-collapse: collapse;">
+<tr><th>repo id</th><th>repo name</th></tr>
+<tr><td>epel</td><td>Extra Packages for Enterprise Linux 7 - x86_64</td></tr>
+<tr><td>loncapa-updates-basearch</td><td>RHEL 7Server LON-CAPA x86_64 Updates</td></tr>
+<tr><td>loncapa-updates-noarch</td><td>RHEL 7Server LON-CAPA noarch Updates</td></tr>
+<tr><td>rhel-x86_64-server-7 </td><td>Red Hat Enterprise Linux Server (v. 7 for x86_64)<td></tr>
+<tr><td>rhel-x86_64-server-optional-7</td><td>RHEL Server Optional (v. 7 x86_64)</td></tr>
+</table>
 
 <h3>Configure SELinux</h3>
 <p>