000037643 - How to enable ping for business critical applications on RSA NetWitness devices

Document created by RSA Customer Support Employee on Jul 11, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037643
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.1.0, 11.2.1.0, 11.3.x
IssueBusiness utilizes monitoring with the use of ping and ICMP.  When business monitoring has priority over the risk of a denial of service attack you can adjust ip_tables to allow ping.
Resolution
  1. SSH into the NetWitness device
  2. Edit the following file /etc/sysconfig/iptables-config

    and set



    IPTABLES_SAVE_ON_STOP="yes"



    IPTABLES_SAVE_ON_RESTART="yes"
     


  3. Run the following command to add to iptables rules:

    iptables -I INPUT 1 -p icmp -j ACCEPT


  4. Restart or stop and start iptables service:
    service iptables stop

    service iptables start


    Or

    service iptables restart

     

     


NotesAdditional RSA community discussion on this subject can be found at the link below:
https://community.rsa.com/thread/196950

Attachments

    Outcomes