2018-06-12 01:31 AM
Hi Team,
We are not able to ping the servers after the upgrade is finished, even though services are running fine. Is it disabled? Or do we have to do something?
2018-06-12 01:36 AM
ICMP by default is disabled in 11.x. You can add rules in /etc/netwitness/firewall.cfg to enable if you want ping to respond.
2018-06-12 09:29 AM
I am having the same issue. I added a new line in the firewall.cfg file and restarted iptables.service, but the new rule is not loaded. How and when is the firewall.cfg loaded, and what happens with the file /etc/sysconfig/iptables?
Best Regards,
Roman
2018-06-12 09:34 AM
Hello Roman,
What is /etc/sysconfig/iptables-config showing for
IPTABLES_SAVE_ON_STOP
IPTABLES_SAVE_ON_RESTART
Are those set to yes or no?
Change them to yes and modify the rules, then reboot... see if they persist.
Make a backup of the file just in case an update overwrites the file.
David C. Poirier
Principal Engineer Technical Support
RSA the Security Division of EMC
(781) 515-7757
Fax: 781-515-7710
David.Poirier@rsa.com
2018-06-12 09:41 AM
Thanks for the fast answer.
Both settings are set to no. But how does this change involve the firewall.cfg file? Where is it set that this firewall.cfg file is loaded?
Best Regards,
Roman
2018-06-12 09:44 AM
Hi,
The firewall.cfg is used by Chef at the initial setup. If you change the values to yes, you will see better results.
David
2018-06-12 10:30 AM
Ok. This did not work. I did the following:
Added a new rule to the /etc/netwitness/firewall.cfg file.
Set both options IPTABLES_SAVE_ON_STOP and IPTABLES_SAVE_ON_RESTART to "yes".
Restarted iptables.service.
What worked was to use the iptables command, add the rule there and restart the service.
Thanks for all your help!
2018-06-12 10:37 AM
Hi,
The firewall.cfg is used on the initial installation. I am glad that you have it working.
David
2018-06-14 01:49 AM
As mentioned previously, ICMP (ping) is disabled in NW11.x for additional security, but it can be re-enabled with commands like:
iptables -I INPUT 1 -p icmp -j ACCEPT
service iptables save
If you also want to allow IPv6 ping, then the commands would be like:
ip6tables -I INPUT 1 -p icmpv6 -j ACCEPT
service ip6tables save
2018-06-21 01:20 AM
After adding the custom firewall rules, confirm that the customer-firewall line is present in the /etc/netwitness/config-management/environments/netwitness.json file. Otherwise the custom firewall rules will be reset to the default firewall rules defined in /etc/netwitness/firewall.cfg.
Please refer to the KB below for more detailed information.
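An added check script (not from this thread or from RSA) for the two pitfalls discussed above: the ICMP rule must be in the saved ruleset ahead of any catch-all DROP/REJECT in INPUT, and netwitness.json must carry the customer-firewall marker or Chef resets the rules. The sample rulesets are constructed; the file paths are the ones named in the thread, and /etc/sysconfig/ip6tables is assumed to be where `service ip6tables save` writes.

```shell
#!/bin/sh
# Added example, not from the thread: verify the saved ICMP rule is effective and that
# the customer-firewall marker exists. Sample iptables-save text below is constructed.
# Constructed: state after "iptables -I INPUT 1 -p icmp -j ACCEPT; service iptables save"
RULES_OK='*filter
:INPUT DROP [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
# Constructed: rule appended with -A instead of -I INPUT 1, so it sits behind the final REJECT
RULES_SHADOWED='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -j ACCEPT
COMMIT'
# Constructed: NW 11.x default, no ICMP rule at all
RULES_NONE='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# icmp_status RULESET [PROTO]: prints accept | shadowed | absent (PROTO: icmp or ipv6-icmp).
# Walks INPUT top to bottom as the kernel does, so an ACCEPT placed after a catch-all
# DROP/REJECT (the usual mistake when -A is used instead of -I ... 1) is reported as shadowed.
icmp_status() {
    printf '%s\n' "$1" | awk -v p="${2:-icmp}" '
        !/^-A INPUT / { next }
        index($0, " -p " p " ") && / -j ACCEPT/ { r = blocked ? "shadowed" : "accept"; exit }
        / -j (DROP|REJECT)/ && (!/ -p / || index($0, " -p " p " ")) { blocked = 1 }
        END { print (r == "" ? "absent" : r) }'
}

# customer_firewall_marker TEXT: 0 when the netwitness.json content mentions customer-firewall.
# The thread does not show the exact JSON shape, so only the key name is looked for.
customer_firewall_marker() {
    printf '%s\n' "$1" | grep -q 'customer-firewall'
}

# check_host: run as root on the appliance; paths are the ones named in the thread.
check_host() {
    env_json=/etc/netwitness/config-management/environments/netwitness.json
    echo "IPv4 ICMP in /etc/sysconfig/iptables: $(icmp_status "$(cat /etc/sysconfig/iptables)")"
    [ -r /etc/sysconfig/ip6tables ] && echo "IPv6 ICMP: $(icmp_status "$(cat /etc/sysconfig/ip6tables)" ipv6-icmp)"
    if customer_firewall_marker "$(cat "$env_json" 2>/dev/null)"; then echo "customer-firewall marker: present"
    else echo "customer-firewall marker: MISSING, Chef will reset rules to the firewall.cfg defaults"; fi
}
if [ -r /etc/sysconfig/iptables ]; then check_host; fi
```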