IBM Support

Configure NAT Groups using the QRadar Console's Public IP address

How To


Summary

The purpose of this article is to help administrators to configure QRadar® NAT Groups when the Console must be reachable through a Public IP.

Environment

To configure this integration, the administrator must have:
  1. A NAT device in between translating the Public IP to the Private IP of the Console and vice-versa. The NAT configuration must be static one-to-one.
  2. The firewall devices involved in the connection must allow port 22 from the Console's Public IP to the managed hosts.
IMPORTANT: This technote assumes that all the managed hosts in the deployment have encryption enabled. If any of the managed hosts don't have encryption enabled, the firewall devices must grant the connection to all the ports from the Console's Public IP.
 

Steps

Note: The following IPs are only meant to illustrate the configuration. All of them are considered "Private IPs" by the RFC 1918. The administrator must change the IPs to match its deployment accordingly.
 
Deployment Overview
Console Private IP = 10.11.12.254
Console Public IP = 172.16.12.100
Console NAT Group (Location) = Main Office

Event Processor (EP) Private IP = 192.168.12.101
Event Processor (EP ) Public IP = 172.16.12.101
Event Processor (EP ) NAT Group (Location) = Branch1
Connectivity Verification and considerations
Note: Before enabling the network devices' configuration, it is strongly advised that the administrators test the implementation in a lab environment to avoid connectivity problems when implementing this on a production deployment. 
QRadar® Configuration
  1. Navigate to the "Add Managed Host" menu.
    1. Log into QRadar Console as the admin user.
    2. On the navigation menu ( Navigation menu icon ), click Admin.
    3. In the System Configuration section, click System and License Management.
    4. In the Display list, select Systems.
       
  2. Create a NAT Group for the Console
    1. Select the QRadar Console appliance in the host table.
    2. On the Deployment Actions menu, click Edit Host.
    3. Select the Network Address Translation check box.
    4. Click the settings icon (settings icon) to create a new NAT group.
    5. Click Add and create the NAT Group.
    6. Give the NAT Group a name and click on Save.
    7. Click Close to go back to the "Edit Managed Host" menu.
       
  3. Configure the Console to use the NAT Group.
    1. Select the Network Address Translation check box.
    2. In the NAT Group list, select the NAT group that the QRadar Console belongs to. In this technote example is "Main Office."
    3. In the Public IP field, type the Public IP address for the Console, and then click Save.

      Figure03
       
  4. Deploy the changes.
Result:
The Console will reconfigure the components on the managed hosts in the deployment to permit connections from the Console's Public IP.
The managed hosts will reach the Console using the Console's Public IP.

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
15 March 2021

UID

ibm16419463

Page Feedback