Troubleshooting automatic update failure on networks that use IP-based firewall rules
A change in the IP address for the auto update server can cause errors if you use IP-based firewall rules. An error message might display if IBM QRadar does not download the daily or weekly updates from the QRadar automatic update server. If you block communication based on the IP address that is associated with auto-update.qradar.ibmcloud.com/, you must update the firewall rules to allow the new IP address before you can receive automatic updates.
About this task
If you have IP-based firewall rules to allow automatic updates between the QRadar
Console and the internet, you must
update your firewall configuration with the following host name or IP address:
| Description | Host name | IP address | Location | Status |
|---|---|---|---|---|
| Automatic Update Server | auto-update.qradar.ibmcloud.com/ | 169.47.251.244:443 | Global | Active host name and IP address for administrators. |
Important: The legacy server IP address 69.20.113.167 and
FQDN qmmunity.q1labs.com are obsolete. Use the IP address specified in
the preceding table.
Important: Configure your firewall rules to allow host names to ensure that automatic
updates are not interrupted if a server IP address is changed. QRadar uses a speed test that can
fail over to another auto update server. At run time for an auto update, the QRadar
Console starts the speed test to
download a test file from both server locations. The fastest connection to the QRadar
Console is used to download daily and
weekly automatic updates.
After you update the firewall rules, you can test your auto update connection by manually retrieving a QRadar automatic update.