|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics UI, Security Analytics Server
RSA Version/Condition: 10.4.x
O/S Version: EL6
|Issue||The following symptoms are seen:|
- The Investigation screen shows a "Loading Values" message but no results are displayed regardless of the amount of time that has elapsed.
- The /var/log/messages file on the concentrator shows queries being queued and executed quickly.
- The physical link layer appears to be slower than normal.
- The browser is on a different subnet to the SA Server, and there is a proxy between the two devices.
|Tasks||A proxy or other web security device can block the connection to the SA GUI Server.|
Although some content is displayed, some may also be blocked.
A direct connection to the SA GUI Server, which bypasses any type of proxy or tunnel, can be used to confirm this issue.
|Resolution||To simulate a direct connection to the SA Server, use Putty to SSH to the SA GUI Server and then create a tunnel. This is done as follows.|
In this example the IP address of the SA GUI Server is 192.168.123.4
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
- Create a normal SSH Connection in Putty to the server and SAVE the connection
- Under SSH Tunnel configure the following. This will tunnel all connections made on the browser computer localhost port 2000 down the tunnel to the SA GUI Server on port 443.
- Make sure that You click on Session and SAVE to save these settings
- Open the connection that you created and log in to the SSH Session as the root user.
- Open a browser and type https://localhost:2000
- You will now be directed to the Security Analytics GUI. All traffic is being sent encrypted via the SSH Tunnel and so cannot be intercepted by any web proxy or other device. As a result you are testing directly.