000036446 - How to add custom firewall rules after nwsetup-tui has completed in RSA NetWitness Logs & Network 11.x

Document created by RSA Customer Support Employee on Jun 15, 2018
Last modified by RSA Customer Support Employee on Dec 6, 2018
Version 2

Article Content

Article Number
000036446

Applies To
RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NetWitness Admin Server
RSA Version/Condition: 11.x

Tasks
This article describes how to add custom firewall rules when the need for them arises after nwsetup-tui has completed.

Resolution
Add a customer-firewall line to the /etc/netwitness/config-management/environments/netwitness.json file, which contains persistent data about the environment, by performing the steps below.
  1. Connect to the host via SSH.
  2. Update the netwitness.json file, adding the customer-firewall line.

    The line needs to go between the global header and the mongo sub-header. Be sure to add a comma at the end of the line.

    # vi /etc/netwitness/config-management/environments/netwitness.json

    "global" : {
          "customer-firewall" : true,
          "mongo" : {

  3. Update the iptables and ip6tables files with the custom firewall rules.
    • /etc/sysconfig/iptables
    • /etc/sysconfig/ip6tables
  4. Reload the iptables and ip6tables services.

    # service iptables reload
    # service ip6tables reload
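
A hand edit to netwitness.json can easily drop the trailing comma or put the new line in the wrong object. The check below is an added example, not part of the original article or an RSA tool: it confirms the file still parses and that customer-firewall is the boolean true directly under global. The function name and the sample documents are constructed for illustration, and a Python 3 interpreter is assumed.

```python
import json
import sys


def _no_duplicate_keys(pairs):
    """object_pairs_hook: reject a key that appears twice in one JSON object."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError("duplicate key %r" % key)
        seen[key] = value
    return seen


def check_customer_firewall(text):
    """Return (ok, message) for the contents of netwitness.json."""
    try:
        doc = json.loads(text, object_pairs_hook=_no_duplicate_keys)
    except json.JSONDecodeError as exc:
        # A missing comma after the new line is reported here with its position.
        return False, "invalid JSON at line %d, column %d: %s" % (
            exc.lineno, exc.colno, exc.msg)
    except ValueError as exc:
        return False, "invalid JSON: %s" % exc
    section = doc.get("global") if isinstance(doc, dict) else None
    if not isinstance(section, dict):
        return False, 'no "global" object found'
    if "customer-firewall" not in section:
        return False, '"customer-firewall" is not a direct member of "global"'
    if section["customer-firewall"] is not True:
        return False, '"customer-firewall" must be the JSON boolean true'
    return True, '"customer-firewall" : true is set under "global"'


# Constructed samples (not a real netwitness.json): a correct edit, and the
# same edit with the trailing comma left off.
GOOD = '{ "global" : {\n  "customer-firewall" : true,\n  "mongo" : { "example" : 1 }\n} }'
BAD = '{ "global" : {\n  "customer-firewall" : true\n  "mongo" : { "example" : 1 }\n} }'

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            ok, message = check_customer_firewall(handle.read())
    else:
        ok, message = check_customer_firewall(GOOD)
    print(message)
    sys.exit(0 if ok else 1)
```

Pass /etc/netwitness/config-management/environments/netwitness.json as the first argument to check the real file; the exit status is 0 only when the flag is set correctly.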

Notes
Once the customer-firewall line is added and persisted in the netwitness.json file on a certain version, it will propagate forward on all future updates.

This change has to be applied to all hosts where we want to configure custom firewall rules; otherwise, the firewall rules will not persist.