Access Manager Local Firewall on SLES


Previously I had posted a script for port redirection on the Identity Server.

I've since found this doesn't work too well when the local SLES firewall is enabled.

The following is a better solution.

First, create a firewall service file that lists the ports to open (this assumes the Administration Console and Identity Server run on the same machine; refer to the documentation to adjust as necessary):

vi /etc/sysconfig/SuSEfirewall2.d/services/netiq-access-manager

Add this content to the file:

## Name: NetIQ Access Manager
## Description: Firewall Configuration file for Access Manager

# space separated list of allowed TCP ports
TCP="80 389 443 524 636 1289 1443 2443 8080 8443:8446"

# space separated list of allowed UDP ports
UDP="524"

# space separated list of allowed RPC services
RPC=""

# space separated list of allowed IP protocols
IP=""

# space separated list of allowed UDP broadcast ports
BROADCAST=""

Next, alter the Firewall configuration to perform the port forwarding.

vi /etc/sysconfig/SuSEfirewall2

Find the line:

FW_REDIRECT=""

And change to:

FW_REDIRECT="0/0,0/0,tcp,80,8080 0/0,0/0,tcp,443,8443"

Launch YaST Firewall and enable the firewall. Add Secure Shell Server and NetIQ Access Manager to the Allowed Services for the zone you assigned to the interface.

Apply changes and begin your NetIQ Access Manager product installs.
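
A consistency check for the two files edited above, as an added example that is not part of the original post: it confirms that each port named in a tcp FW_REDIRECT rule (both the original and the redirected-to port) appears in the service file's TCP list, as 80/8080 and 443/8443 do here. The function names port_allowed and check_redirects are made up for this example, and the values are copied inline from the page so it runs offline.

```shell
#!/bin/sh
# Added example, not part of the original post.

# port_allowed PORT "LIST": succeed if PORT matches an entry of LIST, where an
# entry is a single port or a lo:hi range (the "8443:8446" form).
port_allowed() {
    port=$1
    for entry in $2; do
        case $entry in
            *:*)
                lo=${entry%%:*}; hi=${entry##*:}
                if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi ;;
            *)
                if [ "$port" -eq "$entry" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# check_redirects "FW_REDIRECT value" "TCP list": report every tcp port named
# in a redirect rule that the TCP list does not cover; non-zero if any is missing.
check_redirects() {
    redirects=$1; allowed=$2; rc=0
    for rule in $redirects; do
        # Rule layout as written on this page: source,destination,protocol,dport,lport
        proto=$(printf '%s' "$rule" | cut -d, -f3)
        dport=$(printf '%s' "$rule" | cut -d, -f4)
        lport=$(printf '%s' "$rule" | cut -d, -f5)
        [ "$proto" = tcp ] || continue
        for p in $dport $lport; do
            if ! port_allowed "$p" "$allowed"; then
                echo "tcp/$p from rule '$rule' is not in the allowed TCP list"
                rc=1
            fi
        done
    done
    return $rc
}

# Values copied from the page. On a host, source the two files instead.
TCP="80 389 443 524 636 1289 1443 2443 8080 8443:8446"
FW_REDIRECT="0/0,0/0,tcp,80,8080 0/0,0/0,tcp,443,8443"
if check_redirects "$FW_REDIRECT" "$TCP"; then
    echo "OK: every redirect port is in the service file"
fi
```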

Comments
FW_REDIRECT only seems to handle redirecting traffic that originates remote to the server (which in NAM's case is probably mostly fine). Do you know if there is any way to also get it to redirect traffic local on the box? I can do it without SuSEFirewall but haven't found a way to do it with SuSEFirewall.
No, local traffic doesn't go through the SUSEfirewall... you'll need to come up with another solution. Refer to my similar Cool Solution at https://www.netiq.com/communities/cool-solutions/identity-manager-applications-pat-firewall/
Last update: 2020-01-31 11:23