Changing the NAT status for a managed host

Configure a managed host to use network address translation (NAT) to ensure that it can communicate with the QRadar Console and other managed hosts in the same network.

Before you begin

Ensure that the NAT-enabled network is using static NAT translation.

The QRadar Console and all managed hosts in the same network must be members of the same NAT group.

To change the NAT status for a managed host, make sure that you update the managed host configuration within IBM QRadar before you update the device. Updating the configuration first prevents the host from becoming unreachable, and ensures that you can continue to deploy changes to that host.

Procedure

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. In the System Configuration section, click the System and License Management icon.
  3. In the Display list, select Systems.
  4. Select the host in the host table, and on the Deployment Actions menu, click Edit Host.
  5. To disable NAT, clear the Network Address Translation check box.
  6. To enable NAT, follow these steps:
    1. Select the Network Address Translation check box.
    2. From the NAT Group list, select the group that the managed host belongs to.
    3. In the Public IP field, type the public IP address that the managed host uses to communicate with other hosts in a different NAT group.
  7. Click Save.
  8. On the Admin tab, click Advanced > Deploy Full Configuration.
    Important: QRadar continues to collect events when you deploy the full configuration. When the event collection service must restart, QRadar does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.

What to do next

If you enabled NAT, you might have to update the firewall configuration for the managed host that you want to communicate with. For more information, see Configuring your local firewall.