How to bind specific interface of the machine to Firewall Analyzer application?


    For customers of version 7.5 or higher

    Note:
    • In Windows, to comment a line in the batch (.bat) file prefix 'rem' to the line and to uncomment remove the 'rem' in the beginning of the line.
    • In Linux, to comment a line in the script (.sh) file prefix '#' to the line and to uncomment remove the '#' in the beginning of the line.

    For Windows Machine: (running as application and not as service)

    • Shutdown Firewall Analyzer.
    • Open the run.bat file which is under <Firewall Analyzer Home>bin directory and go to "RESTART Command block", uncomment the below RESTART command line and replace <ip-address> with the IP address to which you want to bind the application, comment the existing RESTART command line and save the file.
       
      rem %JAVA% %JAVA_OPTS% -cp "%CLASS_PATH%" com.adventnet.mfw.Starter %SAFE_START% -c default -b <ip-address>
      to
      %JAVA% %JAVA_OPTS% -cp "%CLASS_PATH%" com.adventnet.mfw.Starter %SAFE_START% -c default -b <ip-address>
       
      %JAVA% %JAVA_OPTS% -cp "%CLASS_PATH%" com.adventnet.mfw.Starter %SAFE_START%
      to
      rem %JAVA% %JAVA_OPTS% -cp "%CLASS_PATH%" com.adventnet.mfw.Starter %SAFE_START%
    • Open setcommonenv.bat file which is under <Firewall Analyzer Home>bin directory and go to "JAVA_OPTS Setting command Block", uncomment the below JAVA_OPTS setting command line and replace <ip-address> with the IP address to which you want to bind the application and comment the existing JAVA_OPTS setting command.
       
      rem set JAVA_OPTS=-Djava.library.path=..lib;..libnative -DpdfReport=false -Duser.country=US -Duser.language=en -DminDiskSpace=5 -Xms128m -Xmx512m -Dspecific.bind.address=<ip-address>
      to
      set JAVA_OPTS=-Djava.library.path=..lib;..libnative -DpdfReport=false -Duser.country=US -Duser.language=en -DminDiskSpace=5 -Xms128m -Xmx512m -Dspecific.bind.address=<ip-address>
       
      set JAVA_OPTS=-Djava.library.path=..lib;..libnative -DpdfReport=false -Duser.country=US -Duser.language=en -DminDiskSpace=5 -Xms256m -Xmx1024m
      to
      rem set JAVA_OPTS=-Djava.library.path=..lib;..libnative -DpdfReport=false -Duser.country=US -Duser.language=en -DminDiskSpace=5 -Xms256m -Xmx1024m
    • Save the file
    • Open the database_param.conf file which is under <Firewall Analyzer Home>conf directory and replace localhost in url tag with the <binding IP address> to which you want to bind the application and save the file.
       
      url=jdbc:postgresql://localhost:33336/firewall?stringtype=unspecified
      to
      url=jdbc:postgresql://<binding IP address>:33336/firewall?stringtype=unspecified 
    • Open the postgresql.conf file which is under <Firewall Analyzer Home>pgsqldata directory and uncomment the line '#listen_addresses = 'localhost'' in the CONNECTIONS AND AUTHENTICATION section and replace the 'localhost' with the '<binding IP address>' to which you want to bind the application and save the file.
       
      #------------------------------------------------------------------------------
      # CONNECTIONS AND AUTHENTICATION
      #------------------------------------------------------------------------------
      # - Connection Settings -
      #listen_addresses = 'localhost' # what IP address(es) to listen on;
      # comma-separated list of addresses;
      # defaults to 'localhost'; use '*' for all
      # (change requires restart)
       
      to
       
      #------------------------------------------------------------------------------
      # CONNECTIONS AND AUTHENTICATION
      #------------------------------------------------------------------------------
      # - Connection Settings -
      listen_addresses = <binding IP address> # what IP address(es) to listen on;
      # comma-separated list of addresses;
      # defaults to 'localhost'; use '*' for all
      # (change requires restart) 
    • Open the pg_hba.conf file which is under <Firewall Analyzer Home>pgsqldata directory and add the line
    host all all <binding IP address in IPv4 format>/32 trust
    after the line
    host all all 127.0.0.1/32 trust 

    and save the file.

    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
     
    to
     
    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    host all all <binding IP address in IPv4 format>/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
    • Restart Firewall Analyzer.

     

    For Windows machine (running as service)

    • Stop the Firewall Analyzer service.
    • Open setcommonenv.bat file which is under <Firewall Analyzer Home>bin directory and go to "JAVA_OPTS Setting command Block", uncomment the below JAVA_OPTS setting command line and replace <ip-address> with the IP address to which you want to bind the application and comment the existing JAVA_OPTS setting command.
       
      rem set JAVA_OPTS=-Djava.library.path=..lib;..libnative -DpdfReport=false -Duser.country=US -Duser.language=en -DminDiskSpace=5 -Xms128m -Xmx512m -Dspecific.bind.address=<ip-address>
      to
      set JAVA_OPTS=-Djava.library.path=..lib;..libnative -DpdfReport=false -Duser.country=US -Duser.language=en -DminDiskSpace=5 -Xms128m -Xmx512m -Dspecific.bind.address=<ip-address>
       
      set JAVA_OPTS=-Djava.library.path=..lib;..libnative -DpdfReport=false -Duser.country=US -Duser.language=en -DminDiskSpace=5 -Xms256m -Xmx1024m
      to
      rem set JAVA_OPTS=-Djava.library.path=..lib;..libnative -DpdfReport=false -Duser.country=US -Duser.language=en -DminDiskSpace=5 -Xms256m -Xmx1024m
    • Save the file
    • Open the wrapper.conf file which is under <Firewall Analyzer Home>serverconf and go to "Adding Application Parameters Block", uncomment the below Application Parameters from 2 to 5 and replace <ip-address> in 4th and 5th Application Parameter with the IP address to which you want to bind the application and save the file.
    wrapper.app.parameter.1=com.adventnet.mfw.Starter
    #wrapper.app.parameter.2=-L../lib/AdventNetDeploymentSystem.jar
    #wrapper.app.parameter.3=-c default
    #wrapper.app.parameter.4=-b <ip-address>
    #wrapper.app.parameter.5=-Dspecific.bind.address=<ip-address>
    • Open the database_param.conf file which is under <Firewall Analyzer Home>conf directory and replace localhost in url tag with the <binding IP address> to which you want to bind the application and save the file.
       
      url=jdbc:postgresql://localhost:33336/firewall?stringtype=unspecified
      to
      url=jdbc:postgresql://<binding IP address>:33336/firewall?stringtype=unspecified
    • Open the postgresql.conf file which is under <Firewall Analyzer Home>pgsqldata directory and uncomment the line '#listen_addresses = 'localhost'' in the CONNECTIONS AND AUTHENTICATION section and replace the 'localhost' with the '<binding IP address>' to which you want to bind the application and save the file.
       
      #------------------------------------------------------------------------------
      # CONNECTIONS AND AUTHENTICATION
      #------------------------------------------------------------------------------
      # - Connection Settings -
      #listen_addresses = 'localhost' # what IP address(es) to listen on;
      # comma-separated list of addresses;
      # defaults to 'localhost'; use '*' for all
      # (change requires restart)
       
      to
       
      #------------------------------------------------------------------------------
      # CONNECTIONS AND AUTHENTICATION
      #------------------------------------------------------------------------------
      # - Connection Settings -
      listen_addresses = <binding IP address> # what IP address(es) to listen on;
      # comma-separated list of addresses;
      # defaults to 'localhost'; use '*' for all
      # (change requires restart)
    • Open the pg_hba.conf file which is under <Firewall Analyzer Home>pgsqldata directory and add the line
    host all all <binding IP address in IPv4 format>/32 trust
    after the line
    host all all 127.0.0.1/32 trust

    and save the file.

    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
     
    to
     
    # TYPE DATABASE USER ADDRESS METHOd
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    host all all <binding IP address in IPv4 format>/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
    • Restart Firewall Analyzer

    For Linux Machine: (running as application and not as service)

    • Shutdown Firewall Analyzer.
    • Open the run.sh file which is under <Firewall Analyzer Home>/bin directory and replace the existing jboss main arguments "-LAdventNetDeploymentSystem.jar" with these arguments "-LAdventNetDeploymentSystem.jar" "-c default" "-b <ip-address>" and replace <ip-address> with the ip-address to which you want to bind your application and save the file.

      Before changing, the jboss main arguments will be

      org.jboss.Main "-LAdventNetDeploymentSystem.jar"

      After changing the arguments, it will be

      org.jboss.Main "-LAdventNetDeploymentSystem.jar" "-c default" "-b <ip-address>"
    • Open setcommonenv.sh file which is under <Firewall Analyzer Home>/bin directory and go to "JAVA_OPTS Setting command Block", uncomment the below JAVA_OPTS setting command and replace <ip-address> with the IP address to which you want to bind the application and comment the existing JAVA_OPTS setting command and save the file.
       
      #JAVA_OPTS="-Djava.awt.headless=true -DpdfReport=false -Duser.language=en -Duser.country=US -DminDiskSpace=5 -Djava.library.path=../lib:../lib/native -Xms128m -Xmx512m -Dspecific.bind.address=<ip-address>"
      to
      JAVA_OPTS="-Djava.awt.headless=true -DpdfReport=false -Duser.language=en -Duser.country=US -DminDiskSpace=5 -Djava.library.path=../lib:../lib/native -Xms128m -Xmx512m -Dspecific.bind.address=<ip-address>"

      JAVA_OPTS="-Djava.awt.headless=true -DpdfReport=false -Duser.language=en -Duser.country=US -DminDiskSpace=5 -Djava.library.path=../lib:../lib/native -Xms256m -Xmx1024m"
      to
      #JAVA_OPTS="-Djava.awt.headless=true -DpdfReport=false -Duser.language=en -Duser.country=US -DminDiskSpace=5 -Djava.library.path=../lib:../lib/native -Xms256m -Xmx1024m"
    • Open the database_param.conf file which is under <Firewall Analyzer Home>conf directory and replace localhost in url tag with the <binding IP address> to which you want to bind the application and save the file.
       
      url=jdbc:postgresql://localhost:33336/firewall?stringtype=unspecified
      to
      url=jdbc:postgresql://<binding IP address>:33336/firewall?stringtype=unspecified
    • Open the postgresql.conf file which is under <Firewall Analyzer Home>pgsqldata directory and uncomment the line '#listen_addresses = 'localhost'' in the CONNECTIONS AND AUTHENTICATION section and replace the 'localhost' with the '<binding IP address>' to which you want to bind the application and save the file.
    #------------------------------------------------------------------------------
    # CONNECTIONS AND AUTHENTICATION
    #------------------------------------------------------------------------------
    # - Connection Settings -
    #listen_addresses = 'localhost' # what IP address(es) to listen on;
    # comma-separated list of addresses;
    # defaults to 'localhost'; use '*' for all
    # (change requires restart)
     
    to
     
    #------------------------------------------------------------------------------
    # CONNECTIONS AND AUTHENTICATION
    #------------------------------------------------------------------------------
    # - Connection Settings -
    listen_addresses = <binding IP address> # what IP address(es) to listen on;
    # comma-separated list of addresses;
    # defaults to 'localhost'; use '*' for all
    # (change requires restart)
    • Open the pg_hba.conf file which is under <Firewall Analyzer Home>pgsqldata directory and add the line 
    host all all <binding IP address in IPv4 format>/32 trust
    after the line
    host all all 127.0.0.1/32 trust

    and save the file.

    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
     
    to
     
    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    host all all <binding IP address in IPv4 format>/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
    • Restart Firewall Analyzer
    Note:

    To shutdown Firewall Analyzer use the below command
        ./shutdown.sh -S -s <ip-address>:<jndi-port>

    where <jndi-port> in the above command is the one which you have set in sample-bindings.xml

    Ensure that the following two conditions are met:

    1. In .etc/nsswitch.conf file you need to ensure the below line:

    hosts:          files dns

    i.e. it should be in the order 'files' and 'dns' not the reverse as 'dns' and 'files'.
    i.e. it should not be     hosts:     dns files

    1. In .etc/hosts file add the below one as the first line

    <binded-ip-address>  localhost

    Replace <binded-ip-address> with the ip-address to which you want to bind your application.

    For Linux Machine: (running as service)

    • Open the postgresql.conf file which is under <Firewall Analyzer Home>pgsqldata directory and uncomment the line '#listen_addresses = 'localhost'' in the CONNECTIONS AND AUTHENTICATION section and replace the 'localhost' with the '<binding IP address>' to which you want to bind the application and save the file.
       
      #------------------------------------------------------------------------------
      # CONNECTIONS AND AUTHENTICATION
      #------------------------------------------------------------------------------
      # - Connection Settings -
      #listen_addresses = 'localhost' # what IP address(es) to listen on;
      # comma-separated list of addresses;
      # defaults to 'localhost'; use '*' for all
      # (change requires restart)
       
      to
       
      #------------------------------------------------------------------------------
      # CONNECTIONS AND AUTHENTICATION
      #------------------------------------------------------------------------------
      # - Connection Settings -
      listen_addresses = <binding IP address> # what IP address(es) to listen on;
      # comma-separated list of addresses;
      # defaults to 'localhost'; use '*' for all
      # (change requires restart)
    • Open the pg_hba.conf file which is under <Firewall Analyzer Home>pgsqldata directory and add the line 
    host all all <binding IP address in IPv4 format>/32 trust
    after the line
    host all all 127.0.0.1/32 trust 

    and save the file. 

    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
     
    to
     
    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    host all all <binding IP address in IPv4 format>/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
    • Restart Firewall Analyzer