NAT-enabled networks

Network address translation (NAT) converts an IP address in one network to a different IP address in another network. NAT provides increased security for your IBM® QRadar® deployment because requests are managed through the conversion process and internal IP addresses are hidden. With NAT, the addresses of computers that are located on a private, internal network are converted by a network device, typically a firewall, and those computers can communicate with the public internet through that device. Use NAT to map individual internal IP addresses to individual external IP addresses.

QRadar NAT configuration requires static NAT and allows only one public IP address per managed host.

Any QRadar host that is not in the same NAT group as its peer, or that is in a different NAT group, is configured to use the peer's public IP address to reach it. For example, when you configure a public IP address on the QRadar Console, any host that is located in the same NAT group uses the private IP address of the QRadar Console to communicate. Any managed host that is located in a different NAT group uses the public IP address of the QRadar Console to communicate.

If you have a host in one of these NAT group locations that does not require external conversion, enter the private IP address in both the Private IP and Public IP fields. Systems in remote locations with a different NAT group than the console still require an external IP address and NAT, because they need to be able to establish connections to the console. Only hosts that are located in the same NAT group as the console can use the same public and private IP addresses.
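The address-selection rule above can be checked against a planned deployment before firewall and NAT rules are written. The following is an added example, not IBM code: the `Host` record, the function names, the host names and the addresses are all hypothetical, and it assumes static NAT means a public IP address maps to exactly one host.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Host:            # hypothetical record, not a QRadar data structure
    name: str
    private_ip: str
    public_ip: str     # same as private_ip when no translation is needed
    nat_group: str

def address_to_reach(src: Host, dst: Host) -> str:
    """Private IP inside one NAT group, public IP across NAT groups."""
    return dst.private_ip if src.nat_group == dst.nat_group else dst.public_ip

def validate(hosts: list[Host], console: Host) -> list[str]:
    """Check a planned layout against the rules in the text; return problems."""
    problems, owner = [], {}
    for h in hosts:
        ip_address(h.private_ip)   # raises ValueError on a malformed address
        ip_address(h.public_ip)
        # Only hosts in the console's NAT group may reuse the private IP as public.
        if h.nat_group != console.nat_group and h.public_ip == h.private_ip:
            problems.append(f"{h.name}: remote NAT group, needs an external IP")
        # Assumption: static NAT is one-to-one, so a public IP maps to one host.
        if owner.setdefault(h.public_ip, h.name) != h.name:
            problems.append(f"{h.name}: public IP already used by {owner[h.public_ip]}")
    return problems

# Constructed sample deployment (documentation address ranges, made-up names).
CONSOLE = Host("console", "10.0.1.10", "203.0.113.10", "dc1")
LOCAL_EP = Host("ep-local", "10.0.1.20", "10.0.1.20", "dc1")      # no translation
REMOTE_EC = Host("ec-remote", "10.20.0.5", "198.51.100.5", "branch")
BAD_REMOTE = Host("ec-bad", "10.20.0.6", "10.20.0.6", "branch")   # misconfigured
HOSTS = [CONSOLE, LOCAL_EP, REMOTE_EC, BAD_REMOTE]

if __name__ == "__main__":
    for src in HOSTS:
        for dst in HOSTS:
            if src is not dst:
                print(f"{src.name:10} -> {dst.name:10} via {address_to_reach(src, dst)}")
    for p in validate(HOSTS, CONSOLE):
        print("PROBLEM:", p)
```

The printed source-to-destination list is the set of addresses that firewall rules between NAT groups must permit.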