Firewall Analyzer - Prerequisites

    Prerequisites applicable for Firewall Analyzer version 12.0 (Build 12000) onwards

    This topic deals with the following prerequisites for setting up Firewall Analyzer in your enterprise.

    Ports to be Freed

    Firewall Analyzer requires the following ports to be free:

    Port Number Usage
    8060 This is the default web server port. You will access the Firewall Analyzer server from a web browser using this port number. You may change this port during installation.

    1514

    		 These are the default listener ports on which Firewall Analyzer listens for incoming logs exported from devices. You can add more ports on which Firewall Analyzer can listen for incoming logs.
    13306 This is the port used to connect to the PostgreSQL database in Firewall Analyzer

     

    Look up Changing Default Ports for help on changing the default ports used by Firewall Analyzer

    Recommended System Setup

    Apart from the System Requirements, the following setup would ensure optimal performance from Firewall Analyzer:

    • Run Firewall Analyzer on a separate, dedicated machine. The software is resource-intensive and a busy processor may slow down log collection.
    • Use the PostgreSQL bundled with Firewall Analyzer that runs on port 13306. You need not start another separate instance of PostgreSQL.

    Changing Default Ports

    Changing the default PostgreSQL port:

    • Open the database_param.conf file which is under <Firewall Analyzer Home>conf directory and replace 13306 (PostgreSQL default port number) in url tag with the <desired port number> to which you want the application to listen the PostgreSQL database

    url=jdbc:postgresql://localhost:13306/firewall?stringtype=unspecified

    to

    url=jdbc:postgresql://localhost:<desired port number>/firewall?stringtype=unspecified
    • Save the file

    Changing the default web server port:

    • Open the server.xml file present in the <Firewall Analyzer Home>/conf directory and replace 8060 (HTTP default port number) in connector tag of <Service name="Catalina"> section with the <desired HTTP port number> to which you want the application to use for HTTP communication

    <Connector acceptCount="100" connectionTimeout="20000" debug="3" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8500" redirectPort="8443"/>

    to

    <Connector acceptCount="100" connectionTimeout="20000" debug="3" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="<desired port number>" redirectPort="8443"/>
    • Save the file and restart the server

    Permission to access PostgreSQL to troubleshoot

    • Open the pg_hba.conf file which is under <Firewall Analyzer Home>pgsqldata directory and add the line

    host all all <IP address of the remote machine to be used to trouble shoot>/32 trust 

    after the line 

    host all all 127.0.0.1/32 trust

     and save the file. 

    # TYPE DATABASE USER ADDRESS METHOD

    # IPv4 local connections:

    host all all 127.0.0.1/32 trust

    # IPv6 local connections:

    host all all ::1/128 trust

    to

    # TYPE DATABASE USER ADDRESS METHOD

    # IPv4 local connections:

    host all all 127.0.0.1/32 trust

    host all all <IP address of the remote machine to be used to trouble shoot>/32 trust

    # IPv6 local connections:

    host all all ::1/128 trust