IBM Support

QRadar: Implementing NAT connections with QRadar NAT Groups



QRadar® in non-NAT'ed environments uses the IP addresses of the Console, and the other managed hosts to establish connections. When a host is reachable through a different IP, this requires a Network Address Translation (NAT) configuration.
When NAT is configured, the connections between the appliances must know:
  1. Which IP address to use and connect to.
  2. Which IP address to allow into the local firewall rules. 

Resolving The Problem

The following article series explains how NAT is implemented in QRadar®, how to configure NAT Groups to suit the administrator needs, and troubleshooting known issues related to the implementation.
Q&A Series:
  1. Network Address Translation (NAT) in QRadar deployments
  2. Understanding NAT Groups and implementation scenarios

  1. How to add a managed host reachable through a different IP
  2. Configure the Console to be reachable through a different IP
  3. How to add a managed host to an existing NAT Group for private IP communication

Known issues:
  1. Managed host connectivity fails due to an unknown network device translating the connection

Document Location


[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
07 May 2021