Configuring AppScan Enterprise for IPv6

AppScan Enterprise version 10.11.0 and later supports deployment in IPv6 environments. To make sure the Liberty server, the database, and scanning agents communicate properly, configure the Java Virtual Machine (JVM) settings and server configuration files manually after installation.

Before you begin

Note:
AppScan Enterprise supports dual-stack (IPv4/IPv6) and IPv6-only environments. Make sure your network infrastructure and operating system are fully validated for IPv6 before disabling the IPv4 stack.
Important:
Don't mix hostnames and IP addresses across components. Use either hostnames or IPv6 addresses consistently in your configuration to prevent connectivity issues.
  • Product version: Make sure you have installed AppScan Enterprise version 10.11.0 or later.
  • Operating system: Make sure IPv6 is enabled and configured correctly in the host operating system.

About this task

To configure the AppScan Enterprise Liberty server to use IPv6 interfaces, update the server.xml and jvm.options files, and configure the database connectivity.

Procedure

  1. Stop the AppScan Enterprise service.
  2. Go to the Liberty server configuration directory: <install-dir>\AppScan Enterprise\Liberty\usr\servers\ase\.
  3. Open server.xml in a text editor.
  4. Find the <httpEndpoint> element and change the host attribute to "::".
    Example: 
    <httpEndpoint id="defaultHttpEndpoint" host="::" httpPort="9080" httpsPort="9443" />
    Note:
    Setting the host to "::" makes sure the server listens on all available IPv6 and IPv4 interfaces. This setting resolves issues where the server might stick to a link-local address (fe80::).
  5. Save and close server.xml.
  6. Open jvm.options in a text editor (located in the same directory).
  7. Add the following lines to the end of the file to prioritize the IPv6 stack: 
    -Djava.net.preferIPv4Stack=false
                        -Djava.net.preferIPv6Addresses=true
  8. Save and close jvm.options.
  9. Run the AppScan Enterprise Configuration Wizard.
  10. On the Database Connection page, in the SQL Server Hostname or IP Address box, do one of the following:
    • If you use a hostname, make sure the hostname resolves to an IPv6 address in your DNS or local hosts file (C:\Windows\System32\drivers\etc\hosts).
    • If you use a raw IPv6 address, enclose the address in brackets.

    Correct: [2001:db8::1234]

    Incorrect: 2001:db8::1234

  11. Optional: If you integrate AppScan Enterprise with ServiceNow in an IPv6 environment, configure the ServiceNow plugin. See Configuring the ServiceNow plugin for IPv6.

Results

The AppScan Enterprise server is now configured to communicate over IPv6. Verify this in one of two ways:

  • Check the Liberty logs to confirm that the server is listening on the global IPv6 address.
  • Use a network protocol analyzer (such as Wireshark) to confirm that traffic flows over IPv6 without falling back to IPv4.

If the Liberty server is reachable only through the link-local IPv6 address (starting with fe80::), see Liberty server not reachable over global IPv6 address.