This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Link Virtual Decoder to Physical Decoder

ClementCheeSeng
Beginner
Beginner

‎2017-10-11 10:07 AM

Hi All,

           Currently my SA setup is as per below:

                Virtual Decoder ----> Physical Decoder

             I would need to change to the following:

                Virtual Decoder ----> Data Diode -----> Physical Decoder

              Where do i go to perform the change to point the Virtual Decoder to the Data Diode ? 

 

 

 

0 Likes
4 REPLIES 4

DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2017-10-11 10:12 AM

Clement

 

Log Decoders do not point to other Log Decoders.  The typical Flow is VLC -> Log Decoder -> Concentrator.

 

Can you please clarify exactly what you have?

 

Thanks

 

Dave

0 Likes

ClementCheeSeng
Beginner
Beginner
In response to DaveGlover

‎2017-10-11 10:21 AM

Hi Dave,

                My Data Flow is VLC -> Virtual  Log Decoder -> Data diode -> Physical  Log Decoder ->Concentrator.  

                 The Data Diode is use to force data to go in one direction only.

               

                 Or are you able to advise where do  i go to change the configuration of the VLC --> Log decoder  and  Log Decoder -> Concentrator ?

                 

Thanks 

Clement 

0 Likes

JohnKisner
Valued Contributor Valued Contributor
Valued Contributor

‎2017-10-12 12:37 PM

Clement,

Netwitness does not support having items like Data Diodes between the appliances. Data has to flow in both directions between the services. Putting something like this between the services, is not a tested configuration and RSA Netwitness Support will not be able to provide support for troubleshooting issues between any VLC and Log Decoder that has a Data Diode between them.

 

If you do figure out a way to configure this, you do so at your own risk. If troubleshooting is require for issues that appear after such a configuration you may be asked to restore the original supported configuration before any troubleshooting can be performed.

0 Likes

EricPartington
Employee
Employee

‎2017-10-12 03:53 PM

IF the source traffic is syslog can you use an rsyslog server inside your protected zone to collect and forward the logs over syslog on the ports you mentioned (514, 515 or 516) to your NW systems on the other side of the data diode?  UDP 514 would be one way only (with the risk of loss if something failed) and would satisfy your requirement.  That way you have one central spot that you can point to (replacing the VLC) and forward over a protocol that is friendlier to the data diode (I hope) than trying to for VLC into one way communication which will not work well (if at all).  There is a ports and service page listed here which shows the ports and directionality required (one way from VLC is not how the system was designed).

 

https://community.rsa.com/docs/DOC-42654

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.