IBM Security QRadar

 View Only
Expand all | Collapse all

Natted IP manage host collector connection to Non-natted IP Qradar console and processor

  • 1.  Natted IP manage host collector connection to Non-natted IP Qradar console and processor

    Posted Tue September 15, 2020 12:22 PM
    I am going to connect collector which have natted IP address with non-natted console and processor to collect logs but I dont understand how to configure it. Please help me to get solution on these.

    Regards,
    Avinash

    ------------------------------
    Avinash Kolhe
    ------------------------------


  • 2.  RE: Natted IP manage host collector connection to Non-natted IP Qradar console and processor

    Posted Tue September 22, 2020 10:08 AM
      |   view attached

    QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which effectively are records of network sessions between two hosts. The component in QRadar that collects and creates flow information is known as QFlow.
    For installations on your own hardware or on virtual machines, add the QRadar Console ISO image in the root directory.

    1. Create the /media/dvd directory by typing the following command: mkdir /media/dvd.
    2. Mount the QRadar Console ISO image by typing the following command: mount -o loop <QRadar_ISO> /media/dvd.

    Please see the the link belov for more informations :

    Installing QRadar Console - IBM Knowledge Center

     

    https://www.google.com/search?client=firefox-b-d&q=how+to+install+qradar+console



    ------------------------------
    Elimane NDOYE
    ------------------------------

    Attachment(s)



  • 3.  RE: Natted IP manage host collector connection to Non-natted IP Qradar console and processor

    Posted Wed September 23, 2020 09:32 AM
    Hi Avainash,
    Before you begin:

    If you deploy a managed host and a Console in different virtual networks, you must allow firewall rules for the communication between the Console and the managed host. For more information, see QRadar port usage.
    In a QRadar deployment with multiple appliances, other ports might also be allowed between managed hosts. For more information about what ports might need to be allowed in your deployment, see Common ports and servers used by QRadar.

    Initial Firewall Requirements include:
    1. The IP addresses of the Console and EP must be allowed access on the EC's network.
    2. On the Console's network ensure access for the Public and Private IP of the EC.

    Initial Port Attachment  requirements:
    1. Port 22 and 443 for the console
    2. Port 22 for the EC and EP

    To attach the EC to the deployment follow the directions here: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4/com.ibm.qradar.doc/t_qradar_adm_configure_nat.html

    Hope this helps.
    Regards.
    Sree

    ------------------------------
    SREE ANANTHASAYANAM
    ------------------------------