Configure a Network Address Translation (NAT) group to limit the number of public IP addresses that are required for your IBM® QRadar® managed hosts to communicate with the internet.

Ensure that the NAT-enabled network is using static NAT translation.

About this task
It is important to complete the NAT configuration for each managed host in your deployment before you deploy the changes. After deployment, managed hosts that aren't NAT-enabled might not be able to communicate with the QRadar Console.

QRadar can support multiple NAT networks when the public IP address for the QRadar Console is the same in each network.

- On the navigation menu, click Admin.
- In the System Configuration section, click System and License Management.
- In the Display list, select Systems.
- To configure a NAT group for the QRadar Console, follow these steps:
  - Select the QRadar Console appliance in the host table.
  - On the Deployment Actions menu, click Edit Host.
  - Select the Network Address Translation check box.
  - In the NAT Group list, select the NAT group that the console belongs to, or click the settings icon to create a new NAT group.
  - In the Public IP field, type the public IP address for the console, and then click Save.
- Configure each managed host in the same network to use the same NAT group as the QRadar Console.
  - Select the managed host appliance in the host table.
  - On the Deployment Actions menu, click Edit Host.
  - Select the Network Address Translation check box.
  - In the NAT Group list, select the NAT group that the QRadar Console belongs to.
  - In the Public IP field, type the public IP address for the managed host.
    Note: Unless an event collector is connecting to a managed host that uses NAT, configure the managed host to use the same IP address for the public IP address and the private IP address.
  - Click Save.
- On the Admin tab, click .
  Important: QRadar continues to collect events when you deploy the full configuration. When the event collection service must restart, QRadar does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.

What to do next
To fix communication issues between the QRadar Console and hosts that are not NAT-enabled after deployment, edit the iptables rules for the managed host to configure the local firewall to allow the QRadar Console to access the managed host.
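
A pre-deployment check of a planned NAT configuration against the constraints stated in About this task and in the procedure. This is an added example, not IBM code and not a QRadar API: the plan layout, the field names (including collector_via_nat) and all host names and addresses are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample plan: host names, group names and addresses are made up.
SAMPLE_PLAN = {
    "console_public_ip": {"nat-dc1": "203.0.113.10", "nat-dc2": "203.0.113.11"},
    "managed_hosts": [
        {"name": "ep1", "nat": True, "group": "nat-dc1", "private_ip": "10.1.0.21",
         "public_ip": "10.1.0.21", "collector_via_nat": False},
        {"name": "ec1", "nat": True, "group": "nat-dc2", "private_ip": "10.2.0.31",
         "public_ip": "198.51.100.31", "collector_via_nat": True},
        {"name": "ep2", "nat": False, "group": None, "private_ip": "10.1.0.22",
         "public_ip": None, "collector_via_nat": False},
        {"name": "fp1", "nat": True, "group": "nat-dc1", "private_ip": "10.1.0.23",
         "public_ip": "198.51.100.23", "collector_via_nat": False},
    ],
}

def _valid_ip(value):
    try:
        ipaddress.ip_address(str(value))
        return True
    except ValueError:
        return False

def check_nat_plan(plan):
    """Return findings for a planned NAT configuration; empty list means consistent."""
    findings = []
    console_ips = plan["console_public_ip"]  # NAT group -> Console public IP
    findings += [f"console: invalid public IP {ip!r} in group {g}"
                 for g, ip in console_ips.items() if not _valid_ip(ip)]
    # Multiple NAT networks are supported only with one Console public IP.
    if len(set(console_ips.values())) > 1:
        findings.append("console: public IP differs between NAT groups")
    for h in plan["managed_hosts"]:
        if not h["nat"]:
            # Hosts left without NAT may lose contact with the Console after deploy.
            findings.append(f"{h['name']}: not NAT-enabled")
            continue
        if h["group"] not in console_ips:
            findings.append(f"{h['name']}: NAT group {h['group']!r} is not a Console NAT group")
        if not _valid_ip(h["public_ip"]):
            findings.append(f"{h['name']}: invalid public IP {h['public_ip']!r}")
        elif not h["collector_via_nat"] and h["public_ip"] != h["private_ip"]:
            # Per the Note: without a collector connecting through NAT, public == private.
            findings.append(f"{h['name']}: public IP should equal private IP")
    return findings

if __name__ == "__main__":
    for finding in check_nat_plan(SAMPLE_PLAN):
        print(finding)
```

Run the check on the plan before you deploy; each finding names the host whose Edit Host settings need to be revisited.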