Prerequisites for data gateways

You must meet certain prerequisites before you can use the QRadar® on Cloud gateway appliance.

  • You must have the public host name of the console that you connect to through the gateway appliance. You receive the public host name from IBM®.
  • Ensure that the public IP address of the data gateway appliance is allowlisted in QRadar on Cloud. Allowlist the data gateway appliance before you request the token. For more information, see Allowlisting an IP address.
  • You must have your QRadar on Cloud token. You need a token for each gateway appliance that you want to use to connect to QRadar on Cloud on the IBM cloud. Go to Admin > QRoC Self Serve > Host Token Management in QRadar to retrieve your token. If you do not have a token, see Generating a new token for a data gateway.
  • You must have a download link to the IBM QRadar ISO for your gateway appliance. The download link is at Admin > Hosted QRadar in QRadar.
  • You must have a static IP address to connect to QRadar on Cloud through your gateway appliance. Do not use any IP address in the 192.168.0.0/16 network range.
    The static IP address must be within one of the network CIDR ranges in the following table.

    Table 1. Range of IP addresses for network CIDRs

    Network CIDR    Range of IP addresses
    10/8            10.0.0.0 - 10.255.255.255
    172.16/12       172.16.0.0 - 172.31.255.255
  • Your DNS servers must reflect the correct IP address of the Console hostname.
  • Your gateway appliance must be behind a network address translation (NAT) firewall.
  • If your gateway traffic is routed through a proxy server, it must be a transparent or inline proxy server that does not challenge for authentication.
  • You must have adequate bandwidth to send your security data to QRadar on Cloud. On average, 0.72 Mbps is required for 1000 events per second (EPS), and 7.2 Mbps for 10,000 EPS. Use the following formula to determine your bandwidth requirements:

    EPS x ((average event size in bytes + 200) x 8) / (1000 x 1000 x 10) = Mbps value

    Example: 1000 x ((700 + 200) x 8) / (1000 x 1000 x 10) = 0.7 Mbps

    The minimum required bandwidth is 40 Mbps plus the Mbps value calculated by the preceding formula. These minimum bandwidth requirements also apply to Event Collector appliances.

  • Your gateway appliance must meet the system requirements.
  • You must allow connections to the QRadar Console and VPN Server Public IP on port 443.
  • You must allow established and related traffic to the port 443 connections.
  • You must allow HTTPS and OpenVPN traffic to the port 443 connections.
  • QRadar on Cloud uses a Web Application Firewall (WAF), which might prevent the Data Gateway from retrieving its configuration package. Configure the HTTPS IP address with the fully qualified domain name (FQDN) of the Console in the /etc/hosts file on the Data Gateway.
  • You must have access to DigiCert to validate your console certificate (https://www.digicert.com/).
    Important: If your corporate firewall or access control devices are configured to allow only a certain set of IP addresses to be accessed from your network, you must include the following IP addresses:
    • 192.229.211.108
    • 192.229.221.9
    • 152.195.38.76
    • 192.16.49.85
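
The following pre-flight check is an added example, not IBM code. It tests a planned gateway against three of the prerequisites above: the permitted static IP ranges, the bandwidth formula plus the 40 Mbps minimum, and the Console FQDN entry in /etc/hosts. The function names, the FQDN console.example.com and the address 203.0.113.10 are constructed placeholders.

```python
import ipaddress

# Ranges the page permits for the gateway's static IP address (Table 1).
ALLOWED = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/12")]
BASE_MBPS = 40  # fixed minimum from the page, added to the computed value


def static_ip_ok(addr):
    """True if addr is inside 10/8 or 172.16/12 (192.168.0.0/16 is therefore rejected)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED)


def required_mbps(eps, avg_event_bytes):
    """Page formula: EPS x ((avg size + 200) x 8) / (1000 x 1000 x 10), plus 40 Mbps."""
    return BASE_MBPS + eps * ((avg_event_bytes + 200) * 8) / (1000 * 1000 * 10)


def hosts_entry_ip(hosts_text, fqdn):
    """Return the IP that /etc/hosts-style text maps fqdn to, or None if absent."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fqdn.lower() in (n.lower() for n in fields[1:]):
            return fields[0]
    return None


def preflight(static_ip, eps, avg_event_bytes, link_mbps, hosts_text, fqdn, https_ip):
    """Collect every failed prerequisite instead of stopping at the first one."""
    problems = []
    if not static_ip_ok(static_ip):
        problems.append(f"static IP {static_ip} is outside 10/8 and 172.16/12")
    need = required_mbps(eps, avg_event_bytes)
    if link_mbps < need:
        problems.append(f"link {link_mbps} Mbps is below required {need:.2f} Mbps")
    mapped = hosts_entry_ip(hosts_text, fqdn)
    if mapped != https_ip:
        problems.append(f"hosts file maps {fqdn} to {mapped}, expected {https_ip}")
    return problems


# Constructed sample input: placeholder FQDN and documentation-range address.
SAMPLE_HOSTS = "127.0.0.1 localhost\n203.0.113.10 console.example.com  # HTTPS IP\n"

if __name__ == "__main__":
    for p in preflight("192.168.1.20", 10000, 700, 45, SAMPLE_HOSTS,
                       "console.example.com", "203.0.113.10"):
        print("FAIL:", p)
```

On the gateway itself, pass the contents of /etc/hosts as hosts_text and the HTTPS IP address you were given for the Console as https_ip.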