IBM Support

QRadar: How to disable or enable remote tunnel initiation

How To


Summary

Remote tunnel initiation is used with SSH tunnels to allow a remote host to communicate with a local host when connections can be opened in only one direction. For example, it applies when a firewall denies communication from an Event Collector to an Event Processor but allows communication from the Event Processor to the Event Collector.

Objective

Disable or enable the remote tunnel initiation feature of QRadar.

Steps

Note: Enabling remote tunnel initiation to get around a firewall block is a workaround and is not a substitute for network administrators updating the firewall to allow connections from the Console. These steps are primarily used when the server is owned by a tenant: the tenant machine creates the connection, so the tenant maintains control of the keys.

  1. Log in to the QRadar Console as an administrator.
  2. On the Admin tab, click System and License Management.
  3. Make sure that Display shows Systems.
  4. Click the host to modify.
  5. Click Deployment Actions.
  6. Click Edit Host.
  7. Click the checkbox for Remote Tunnel Initiation to enable this feature. To disable it, uncheck the box.
    Note: The console should not have Encrypt Host Connection enabled unless specifically requested by support because it can prevent the console from communicating with other managed hosts.
  8. Click Save.
  9. Deploy the changes.

    Result
    After the deploy, remote tunnel initiation is enabled. For more information about SSH tunnels, see QRadar: What is a SSH tunnel?

Document Location

Worldwide


Document Information

Modified date:
31 May 2023

UID

ibm16995695