Prerequisites
Prerequisites applicable for Firewall Analyzer version 7.5 (Build 7500) onwards
Prerequisites applicable for Firewall Analyzer version 7.4 (Build 7400) or earlier
Prerequisites applicable for Firewall Analyzer version 7.5 (Build 7500) onwards
This topic deals with the following prerequisites for setting up Firewall Analyzer in your enterprise.
Ports to be Freed
Firewall Analyzer requires the following ports to be free:
| Port Number |
Protocol |
Usage |
| 8500 |
HTTP |
This is the default web server port. You will access the Firewall Analyzer
server from a web browser using
this port number. You may change this port during installation. |
| 514, 1514 |
UDP |
These are the default listener ports on which Firewall Analyzer listens
for incoming logs exported from devices. You can add
more ports on which Firewall Analyzer can listen for incoming logs. |
| 33336 |
PostgreSQL |
This is the port used to connect to the PostgreSQL/MySQL database in Firewall Analyzer
|
Recommended System Setup
Apart from the System Requirements,
the following setup would ensure optimal performance from Firewall Analyzer:
- Run Firewall Analyzer on a separate, dedicated machine. The software
is resource-intensive and a busy processor may slow down log collection.
- Use the PostgreSQL bundled with Firewall Analyzer that runs
on port 33336. You need not start another separate instance of PostgreSQL.
Changing Default Ports
Changing the default PostgreSQL port:
- Open the database_param.conf file which is under <Firewall Analyzer Home>\conf directory and replace 33336 (PostgreSQL default port number) in url tag with the <desired port number> to which you want the application to listen the PostgreSQL database
url=jdbc:postgresql://localhost:33336/firewall?stringtype=unspecified
to
url=jdbc:postgresql://localhost:<desired port number>/firewall?stringtype=unspecified |
Changing the default web server port:
- Open the server.xml file present in the <Firewall Analyzer Home>/conf
directory and replace 8500 (HTTP default port number) in connector tag of <Service name="Catalina"> section with the <desired HTTP port number> to which you want the application to use for HTTP communication
<Connector acceptCount="100" connectionTimeout="20000" debug="3" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8500" redirectPort="8443"/>
to
<Connector acceptCount="100" connectionTimeout="20000" debug="3" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="<desired port number>" redirectPort="8443"/> |
- Save the file and restart the server.
Permission to access PostgreSQL to troubleshoot
- Open the pg_hba.conf file which is under <Firewall Analyzer Home>\pgsql\data directory and add the line
host all all <IP address of the remote machine to be used to trouble shoot>/32 trust
after the line
host all all 127.0.0.1/32 trust
and save the file.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
to
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all <IP address of the remote machine to be used to trouble shoot>/32 trust
# IPv6 local connections:
host all all ::1/128 trust
|
Prerequisites applicable for Firewall Analyzer version 7.4 (Build 7400) or earlier
Recommended System Setup
Apart from the System Requirements,
the following setup would ensure optimal performance from Firewall Analyzer:
- Run Firewall Analyzer on a separate, dedicated PC or server. The software
is resource-intensive, and a busy processor may cause problems in collecting
logs.
- Use the MySQL bundled with Firewall Analyzer that runs
on port 33336. You need not start another separate instance of MySQL.
Changing Default Ports
Changing the default MySQL port:
- Edit the mysql-ds.xml file present in the <FirewallAnalyzer_Home>/server/default/deploy directory.
-
Change the port number in the following line to the desired port number:
<connection-url>jdbc:mysql://localhost:33336/firewall</connection-url>
- Save the file and restart the server.
Changing the default web server port:
- Edit the sample-bindings.xml file present in the <FirewallAnalyzer_Home>/server/default/conf directory.
- Change the port number in the following line to the desired port number:
<binding port="8500"/>
- Save the file and restart the server.
|
