Configuring the DTLS communications protocol

To prevent eavesdropping and tampering, you can set up Datagram Transport Layer Security (DTLS) on a QRadar Network Insights managed host. DTLS encrypts the IPFIX connection between the QRadar Network Insights managed host and the Flow Processor or Flow Collector that receives the traffic.

Configuring DTLS is optional. QRadar Network Insights works without it.

Before you begin

Ensure that your QRadar Network Insights appliance is attached as a managed host. For more information, see Adding the QRadar Network Insights appliance as a managed host.

About this task

You can have more than one QRadar Network Insights appliance that points to a single DTLS port, but configuring multiple DTLS ports is not supported.

After you configure the DTLS communications protocol, if you change the QRadar Flow Collector or flow source of any QRadar Network Insights managed hosts in your deployment, you must deploy the changes.

Procedure

  1. On the Admin tab, in the System Configuration section, click System and License Management.
  2. Select the managed host, and on the Deployment Actions menu, click Edit Host Connection.
  3. On the Modify QRadar Network Insights Connection page, select the QRadar Flow Collector and flow source.
  4. Click Save.
  5. Specify whether to configure the QRadar Network Insights appliance as a stand-alone or stacked appliance.
  6. Click Next, and then click Save.
  7. Close the System and License Management page.
  8. On the Admin tab menu bar, click the Deploy Changes icon.
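
After the changes are deployed, you can confirm that the flow link carries DTLS records instead of cleartext IPFIX by classifying UDP payloads from a packet capture. The following Python check is an added example, not IBM or QRadar code. It assumes the DTLS 1.0/1.2 record header (RFC 6347) and the IPFIX message header (RFC 7011), because this page does not state the DTLS version in use, and its function names and sample payloads are constructed for illustration.

```python
import struct

# DTLS record-layer constants (RFC 6347): content types and wire versions.
DTLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
IPFIX_VERSION = 10  # version field of the IPFIX message header (RFC 7011)


def classify_payload(payload: bytes) -> str:
    """Return 'dtls', 'cleartext-ipfix' or 'unknown' for one UDP payload."""
    # DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2) = 13 bytes
    if len(payload) >= 13:
        ctype, version = struct.unpack_from("!BH", payload, 0)
        (rec_len,) = struct.unpack_from("!H", payload, 11)
        if ctype in DTLS_CONTENT_TYPES and version in DTLS_VERSIONS and 13 + rec_len <= len(payload):
            return "dtls"
    # IPFIX message header: version(2) length(2) export time(4) sequence(4) domain(4) = 16 bytes
    if len(payload) >= 16:
        version, msg_len = struct.unpack_from("!HH", payload, 0)
        if version == IPFIX_VERSION and msg_len == len(payload):
            return "cleartext-ipfix"
    return "unknown"


def audit(payloads):
    """Count payload classes; any cleartext IPFIX means the link is not protected."""
    counts = {"dtls": 0, "cleartext-ipfix": 0, "unknown": 0}
    for p in payloads:
        counts[classify_payload(p)] += 1
    counts["encrypted_only"] = counts["cleartext-ipfix"] == 0 and counts["dtls"] > 0
    return counts


# Constructed sample payloads (not captured from a real deployment).
SAMPLE_DTLS_APPDATA = struct.pack("!BHH", 23, 0xFEFD, 1) + (5).to_bytes(6, "big") + struct.pack("!H", 8) + bytes(8)
SAMPLE_DTLS_HANDSHAKE = struct.pack("!BHH", 22, 0xFEFF, 0) + (0).to_bytes(6, "big") + struct.pack("!H", 4) + bytes(4)
SAMPLE_IPFIX = struct.pack("!HHIII", 10, 20, 1700000000, 1, 0) + bytes(4)

if __name__ == "__main__":
    print(audit([SAMPLE_DTLS_HANDSHAKE, SAMPLE_DTLS_APPDATA]))
    print(audit([SAMPLE_DTLS_APPDATA, SAMPLE_IPFIX]))
```

Feed `audit` the UDP payloads that are sent to the DTLS port of the Flow Collector. A nonzero `cleartext-ipfix` count indicates that at least one exporter is still sending unencrypted flow data.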