000030420 - Connectivity between ESA and Security Analytics 10.4 server may be affected due to a typo in an iptables entry

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000030420

Applies To: RSA Security Analytics

RSA Security Analytics 10.4.1 / 10.4.1.1

RSA Security Analytics Event Stream Analysis

Issue: Security Analytics ESA devices may experience intermittent connectivity issues in the "Appliances" and "Services" views, as well as other areas of the UI.

Cause: Because of the nature of the error, users cannot tell whether they are affected simply by listing the active iptables rules on the ESA appliance itself. The error is in a variable inside a configuration file residing on the SA server, and it is this variable that is responsible for managing iptables for all appliances.

 
Resolution: SSH to the SA server appliance:
1. vi /etc/puppet/modules/esa/manifests/init.pp
2. Find the section where it says:

firewall {'2 ESA ActiveMQ OUT':
  chain => 'OUTPUT',
  outiface => $managment_interface,
  proto => 'tcp',
  sport => 50030,
  state => 'ESTABLISHED',
  action => 'accept'
}


3. Add the missing 'e' in the word 'management' as shown below:

firewall {'2 ESA ActiveMQ OUT':
  chain => 'OUTPUT',
  outiface => $management_interface,
  proto => 'tcp',
  sport => 50030,
  state => 'ESTABLISHED',
  action => 'accept'
}


4. Save and exit. 
5. The configurations are pushed every 30 minutes to the appliances so there is no need to perform any further actions.
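
A scripted version of steps 1 to 4, added here as an example and not RSA-supplied code: `find_dropped_letter_vars` generalizes the check to any Puppet variable that is another variable in the file minus one letter, and `fix_manifest` applies the article's edit while keeping a backup. The function names and the sample manifest are constructed, and the check assumes the correctly spelled variable also appears somewhere in the same file.

```shell
#!/bin/sh
# Added example, not RSA code; function names and the sample manifest are constructed.

# Print "typo -> intended" for each Puppet variable in file $1 that equals
# another variable in the same file with exactly one character removed.
find_dropped_letter_vars() {
    grep -o '\$[A-Za-z_][A-Za-z0-9_]*' "$1" | sort -u | awk '
        { v[NR] = $0 }
        END {
            for (i = 1; i <= NR; i++)
                for (j = 1; j <= NR; j++) {
                    if (length(v[j]) != length(v[i]) + 1) continue
                    for (k = 2; k <= length(v[j]); k++)
                        if ((substr(v[j], 1, k - 1) substr(v[j], k + 1)) == v[i]) {
                            print v[i] " -> " v[j]
                            break
                        }
                }
        }'
}

# Apply the article's one-letter fix without an editor; the original is kept
# as $1.bak. Returns non-zero when the misspelled variable is not present.
fix_manifest() {
    grep -q '\$managment_interface' "$1" || return 1
    cp -p "$1" "$1.bak" &&
        sed 's/\$managment_interface/$management_interface/g' "$1.bak" > "$1"
}

# Constructed sample: rule 2 is the article's; rule 1 is an assumed rule that
# spells the variable correctly, so both spellings occur in one file.
write_sample_manifest() {
    cat > "$1" <<'EOF'
firewall {'1 constructed IN': iniface => $management_interface, action => 'accept' }
firewall {'2 ESA ActiveMQ OUT':
  chain => 'OUTPUT',
  outiface => $managment_interface,
  proto => 'tcp',
  sport => 50030,
  state => 'ESTABLISHED',
  action => 'accept'
}
EOF
}

# Demo on a temporary copy; nothing under /etc/puppet is touched.
t=$(mktemp); write_sample_manifest "$t"; find_dropped_letter_vars "$t"
fix_manifest "$t"; find_dropped_letter_vars "$t"; rm -f "$t" "$t.bak"
```

On the SA server, pass `/etc/puppet/modules/esa/manifests/init.pp` to either function. The pair check is a heuristic, so review each reported pair before changing anything, since two legitimately different variables can also differ by one letter.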
 
