How to add custom firewall rules after nwsetup-tui has completed in RSA NetWitness Logs & Network 11.x
Tasks
This article describes how to add custom firewall rules when the requirement for them arises after nwsetup-tui has completed.
Resolution
Add a customer-firewall line to the /etc/netwitness/config-management/environments/netwitness.json file, which contains persistent data about the environment, by performing the steps below.
- Connect to the host via SSH.
- Update the netwitness.json file, adding the customer-firewall line.
The line needs to go between the global header and the mongo sub-header (make sure to add a comma at the end of the line).
# vi /etc/netwitness/config-management/environments/netwitness.json
"global" : {
"customer-firewall" : true,
"mongo" : {
- Update the iptables and ip6tables files with the custom firewall rules.
- /etc/sysconfig/iptables
- /etc/sysconfig/ip6tables
- Reload the iptables and ip6tables services.
# service iptables reload
# service ip6tables reload
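An added example (not RSA's code) of making the netwitness.json change from the steps above with a script instead of vi: it parses the file, puts customer-firewall first in the global section that contains mongo, and writes nothing if the JSON does not parse, which catches the missing-comma mistake. The function names, the .bak and .tmp suffixes and the sample document are assumptions made for this example; the article does not show where global sits in the real file, so the code searches for it.

```python
import json
import os
import shutil
from collections import OrderedDict

KEY = "customer-firewall"
# Constructed sample; the wrapper and the mongo contents are placeholders.
SAMPLE = '{"example-wrapper" : {"global" : {"mongo" : {"placeholder" : "value"}}}}'

def find_global(node):
    """Return the "global" object that holds the "mongo" sub-section, or None."""
    if isinstance(node, dict):
        g = node.get("global")
        if isinstance(g, dict) and "mongo" in g:
            return g
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_global(child)
            if found is not None:
                return found
    return None

def enable_customer_firewall(text):
    """Return (new_text, changed); ValueError on bad JSON or a missing section."""
    doc = json.loads(text, object_pairs_hook=OrderedDict)  # keeps key order
    section = find_global(doc)
    if section is None:
        raise ValueError('no "global" section containing "mongo" found')
    if section.get(KEY) is True:
        return text, False  # already set, leave the file untouched
    rest = [(k, v) for k, v in section.items() if k != KEY]
    section.clear()
    section[KEY] = True  # first key, i.e. between "global" and "mongo"
    section.update(rest)
    # Re-serialized with 2-space indent and the " : " style used in the article.
    return json.dumps(doc, indent=2, separators=(",", " : ")) + "\n", True

def apply_to_file(path):
    """Back up the file, then replace it only after the new text was built."""
    with open(path) as fh:
        new_text, changed = enable_customer_firewall(fh.read())
    if changed:
        shutil.copy2(path, path + ".bak")
        with open(path + ".tmp", "w") as fh:
            fh.write(new_text)
        shutil.copymode(path, path + ".tmp")  # keep the original permissions
        os.rename(path + ".tmp", path)
    return changed
```

Call apply_to_file("/etc/netwitness/config-management/environments/netwitness.json") as root on each host; a file already damaged by a manual edit raises ValueError and is left as it is.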
Notes
Once the customer-firewall line is added and persisted in the netwitness.json file on a certain version, it will propagate forward on all future updates.
This change has to be applied to all hosts where custom firewall rules are to be configured; otherwise, the firewall rules will not persist.
Product Details
RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NetWitness Admin Server
RSA Version/Condition: 11.x