000036446 - How to add custom firewall rules after nwsetup-tui has completed in RSA NetWitness Logs & Network 11.x

Document created by RSA Customer Support Employee on Jun 15, 2018
Version 1

Article Content

Article Number: 000036446
Applies To: RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NetWitness Admin Server
RSA Version/Condition: 11.x
Tasks: This article describes how to add custom firewall rules when the requirement for them arises after nwsetup-tui has completed.
Resolution: Add a customer-firewall line to the /etc/netwitness/config-management/environments/netwitness.json file, which contains persistent data about the environment, by performing the steps below.

  1. Connect to the host via SSH.
  2. Update the netwitness.json file, adding the customer-firewall line.

    The line needs to go between the global header and the mongo sub-header. Make sure to add a comma at the end of the line.

    # vi /etc/netwitness/config-management/environments/netwitness.json

    "global" : {
          "customer-firewall" : true,
          "mongo" : {

  3. Update the iptables and ip6tables files with the custom firewall rules.
    • /etc/sysconfig/iptables
    • /etc/sysconfig/ip6tables
  4. Reload the iptables and ip6tables services.

    # service iptables reload
    # service ip6tables reload
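
The check below is an added example, not part of the RSA article or of RSA tooling: it validates the step 2 edit to netwitness.json (a parse error such as a missing comma, the flag absent, the flag not a boolean true) and shows one way to insert the flag before "mongo". It assumes Python 3.7 or later and that the file is strict JSON; the function names and sample documents are constructed for illustration.

```python
import json

FLAG = "customer-firewall"  # key name from the article

# Constructed sample documents, not real netwitness.json contents.
SAMPLE_BEFORE = '{"global": {"mongo": {"example-key": "example-value"}}}'
SAMPLE_NO_COMMA = '{\n  "global": {\n    "customer-firewall": true\n    "mongo": {}\n  }\n}'


def check_flag(text):
    """Return (ok, reason) for the text of a netwitness.json file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # A missing comma after the new line is reported with its position.
        return False, "invalid JSON at line %d: %s" % (exc.lineno, exc.msg)
    section = doc.get("global") if isinstance(doc, dict) else None
    if not isinstance(section, dict):
        return False, 'no "global" object'
    if FLAG not in section:
        return False, '"%s" is missing from "global"' % FLAG
    if section[FLAG] is not True:
        # "true" in quotes is a string, not the boolean the article shows.
        return False, '"%s" is %r, expected true' % (FLAG, section[FLAG])
    return True, "ok"


def add_flag(text):
    """Return the JSON text with the flag set to true inside "global",
    placed directly before "mongo" when that key exists."""
    doc = json.loads(text)
    rebuilt = {}
    for key, value in doc["global"].items():
        if key == FLAG:
            continue  # drop any old value; it is re-added as true below
        if key == "mongo":
            rebuilt[FLAG] = True
        rebuilt[key] = value
    rebuilt[FLAG] = True  # keeps its position if already placed, else appended
    doc["global"] = rebuilt
    return json.dumps(doc, indent=2) + "\n"


if __name__ == "__main__":
    print(check_flag(SAMPLE_BEFORE))
    print(check_flag(SAMPLE_NO_COMMA))
    print(check_flag(add_flag(SAMPLE_BEFORE)))
```

Running check_flag on the contents of the edited file before reloading the services catches a malformed edit while the previous configuration is still in effect.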

Notes: Once the customer-firewall line is added and persisted in the netwitness.json file on a certain version, it will propagate forward on all future updates.

On all other hosts that do not have this customer-firewall line in their respective netwitness.json file, the line has to be added in order to persist custom firewall rules.