Question & Answer
Question
How do you physically cable and attach a IBM QRadar Network Security IQNS (XGS) appliance in HA pair to your network?
Answer
This diagrams HA deployment for a single fail over segment or single load balanced segment. The IBM QRadar Network Security IQNS (XGS) HA solution operates in an Active / Active configuration. Because of this, there is no failover control that is built into the IPS. This design accommodates both fail over and load balanced HA segments.
Note:
1). The XGS HA does not operate in an Active / Standby configuration. This allows the network environment, around the XGS in HA, to operate in a failover and load balanced configuration.
2). In an HA deployment using XGS7100, every four-interface group is recommended to be configured in the same NIM group. Ex. Group 1=NIM1 and NIM2; Group 2 =NIM3 and NIM4.
3). If you have deployed XGS 7100 appliances in an Active / Standby deployment and 1GbE NIMs are used for connections, add the following tuning parameter to the Advanced Tuning Parameters policy and set the value to true (default=false) for resource optimization:
Primary Segment IQNS/XGS Appliance Connections
Port 1.1: Primary Firewall/Router
Port 1.2: Primary Switch
Port 1.3: (Mirror) goes to 1.3 of the Secondary Segment appliance
Port 1.4: (Mirror) goes to 1.4 of the Secondary Segment appliance
Secondary Segment IQNS/XGS Appliance Connections
Port 1.1: Secondary Firewall/Router
Port 1.2: Secondary Switch
Port 1.3: (Mirror) from 1.3 of the Primary Segment appliance
Port 1.4: (Mirror) from 1.4 of the Primary Segment appliance
Note: Any additional HA monitored segments can be added with the Network Interface Modules (NIMs) using the same 4-port connection pattern.
For additional information on implementing High Availability (HA) with IBM QRadar Network Security IQNS (XGS) see the below attached document.
Note:
1). The XGS HA does not operate in an Active / Standby configuration. This allows the network environment, around the XGS in HA, to operate in a failover and load balanced configuration.
2). In an HA deployment using XGS7100, every four-interface group is recommended to be configured in the same NIM group. Ex. Group 1=NIM1 and NIM2; Group 2 =NIM3 and NIM4.
3). If you have deployed XGS 7100 appliances in an Active / Standby deployment and 1GbE NIMs are used for connections, add the following tuning parameter to the Advanced Tuning Parameters policy and set the value to true (default=false) for resource optimization:
segment.ha.alignment=truePrimary Segment IQNS/XGS Appliance Connections
Port 1.1: Primary Firewall/Router
Port 1.2: Primary Switch
Port 1.3: (Mirror) goes to 1.3 of the Secondary Segment appliance
Port 1.4: (Mirror) goes to 1.4 of the Secondary Segment appliance
Secondary Segment IQNS/XGS Appliance Connections
Port 1.1: Secondary Firewall/Router
Port 1.2: Secondary Switch
Port 1.3: (Mirror) from 1.3 of the Primary Segment appliance
Port 1.4: (Mirror) from 1.4 of the Primary Segment appliance
Note: Any additional HA monitored segments can be added with the Network Interface Modules (NIMs) using the same 4-port connection pattern.
For additional information on implementing High Availability (HA) with IBM QRadar Network Security IQNS (XGS) see the below attached document.
[{"Product":{"code":"SSFSVP","label":"IBM QRadar Network Security"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Hardware","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Product":{"code":"SSHLHV","label":"IBM Security Network Protection"},"Business Unit":{"code":"BU008","label":"Security"},"Component":" ","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.3;5.3.1;5.3.2;5.3.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
23 January 2021
UID
swg21691051