This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

v11 Hosts that need to access LIVE

someone
Contributor
Contributor

‎2019-04-09 05:48 AM

Deployment: Network Architecture and Ports 

 

After looking at the ports on the table I noticed that the only appliance needing to access LIVE is ESA.

 

Further looking at the diagram, it does NOT show that ESA can directly access LIVE.

 

Which of the two is correct and why does the NW server not need to access LIVE? This doesn't make any sense 

 

 

Then for NTP ports, none of the core appliances need an open connection to NW server but only to itself.

 

ArchiverArchiverUDP 123

NTP

Broker

BrokerUDP 123NTP

 

Concentrator

ConcentratorUDP 123NTP

So Broker to Broker, Concentrator to Concentrator etc. No Concentrator to NW server. So how would this work exactly?

8 REPLIES 8

DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2019-04-09 08:54 AM

The NW head unit (node 0) does need to access Live

0 Likes

someone
Contributor
Contributor
In response to DaveGlover

‎2019-04-09 09:02 AM

Thanks Dave, that makes perfect sense.

What about the NTP that only need to connect to own host and never to NW server?

How would I trust that everything else is correct when even customers can tell that something is wrong?

 

For every client-server connection you need a client and a server:) So which is the NTP server? every appliance??!

 

Can someone correct this randomized document that has been out for more than a year? 

 

RSA have a history were they were struggling to populate the equivalent architecture document for 10.4. I would have thought that RSA would be a bit more mature 3-4 years later when they talk about Gartner and the likes.

 

We can't just raise change requests based on random information that haven't been proofread (no surprise here sorry). Please correct this joke document, it's damaging your brand.

MaximSiyazov1
Beginner
Beginner

‎2019-04-11 07:12 AM

I had a support case regarding this issue last year which was closed with a promise to correct the port requirements in the documentation and in the application configuration. As a result, only now, after over a half a year,  I can see the requested amendments in the newly released documentation of 11.3. 

NTP port requirement seems to be fixed along with a nonsensical requirement for UDP 50514 on every host, which has been in the documentation and iptables since the SA Audit was introduced many years ago. I hope in v11.3 this rule will be removed from iptables. 

It is a shame RSA does not update the documentation of already released versions. 

MaximSiyazov1
Beginner
Beginner

‎2019-04-11 07:30 AM

Regarding your original question, there was another case early last year where I have suggested that the requirements for the Internet access for each host with a definite list of URLs should be added to deployment documentation. Unfortunately, I still cannot see this information published. 

someone
Contributor
Contributor
In response to MaximSiyazov1

‎2019-04-11 08:36 AM

They might suggest to raise an RFE:)

0 Likes

MaximSiyazov1
Beginner
Beginner
In response to someone

‎2019-04-11 09:05 AM

True but actually it’s my bad this time. I just missed it. Live resources were added to the ports sheets.

0 Likes

someone
Contributor
Contributor
In response to MaximSiyazov1

‎2019-04-11 09:13 AM

Yeah, they were added to the wrong server(ESA) and then they have this green box on top saying that all core should be able to communicate with NW host on 123 and in the table they only list that core communicate with themselves only.

 

I don't blame them, they are still learning. It's difficult to put 1+1 sometimes.

MaximSiyazov1
Beginner
Beginner
In response to someone

‎2019-04-11 09:33 AM

I cannot find online documentation of 11.3 but in the PDF doc ports sheets look better. The diagram is still not perfect. 

Deployment Guide for RSA NetWitness® Platform 11.3 

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.