IBM Support

QRadar Vulnerability Manager: Important external scan (DMZ scan) service changes

News


Abstract

IBM® is migrating the QRadar Vulnerability Manager (QVM) external scanner service to a new location in the IBM Cloud®. This notice is intended to advise administrators that use QVM external scans (DMZ scans) that firewall updates are required to avoid an interruption in service.

Content


Important: QRadar Vulnerability Manager administrators with external scans enabled must update their corporate firewalls to allow connections to 158.177.51.62:443. If you fail to update your firewall rules before 1 September 2021, you might experience scans stuck at 1% that cannot complete successfully.

About

IBM® is migrating the QRadar® Vulnerability Manager external scanner service to IBM Cloud, and administrators must make firewall changes to avoid service disruption for external vulnerability (DMZ) scans.

| Server changes | Web server hostname | Static IP address and port | Location | Description |
|---|---|---|---|---|
| New server cluster | https://console-qvm-scanner.qradar.ibmcloud.com/ | 158.177.51.62:443 | United States | New server active on 1 September 2021 |
| Legacy server | https://external-scanner.qradar.ibmcloud.com/ | 194.153.113.31:443 | Germany | Active until 1 September 2021 |
| Legacy server | https://194.153.113.32/ | 194.153.113.32:443 | Germany | No longer active |

Affected versions

All users of QRadar® Vulnerability Manager external scan configurations on all QRadar versions are affected by this service update.

Action required


Administrators must ensure a QRadar auto update completes, then restart the QVM scanner process with a full deploy to ensure that external scans can complete successfully. QRadar continues to collect events when you deploy the full configuration. When the event collection service must restart, QRadar does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.

Procedure
  1. Update your corporate firewall rules to allow access to 158.177.51.62:443.
  2. Ensure an auto update completes on Sept 1, 2021.
    Note: Administrators can review their System Notifications or click Admin > Auto Updates to view when the last auto update occurred.
  3. Log in to the QRadar Console as an administrator.
  4. Click the Admin tab.
  5. Select Advanced > Deploy Full Configuration.
  6. Click OK to start the full deploy.
    Note: If you upgrade your QRadar deployment to a newer software version, you might be required to repeat this procedure if external scans appear to be stuck at 1%.

Results

Wait for the deploy to complete to ensure scan configurations are updated. Administrators can run an external scan and confirm the scan completes successfully. If you experience issues with external scans stuck at 1% or auto updates on or after 1 September 2021, contact QRadar Support.

Summary

Administrators must contact their corporate firewall team to ensure that any IP-based firewall rules are updated before 1 September 2021 to use the new static IP address at 158.177.51.62 on TCP/443. QRadar Support recommends that administrators configure their firewall rules to use the static IP addresses provided by IBM. If you choose to use the hostname https://console-qvm-scanner.qradar.ibmcloud.com/ in your corporate firewall configuration and your external scans display a status of 1% without progressing, you must ensure that your DNS server resolves that hostname to 158.177.51.62 (port 443).
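The following script is an added example, not IBM-provided code. It checks the two conditions in this summary: that the new hostname resolves to 158.177.51.62 and that TCP/443 to that address is allowed through the firewall. It assumes you run it with Python 3 on a host that is subject to the same firewall and DNS configuration as your QRadar deployment; the function names are hypothetical.

```python
"""Egress and DNS check for the new QVM external scanner endpoint (added example)."""
import socket
import sys

# Hostname and addresses taken from the server table in this notice.
NEW_HOST = "console-qvm-scanner.qradar.ibmcloud.com"
NEW_IP = "158.177.51.62"
LEGACY_IPS = {"194.153.113.31", "194.153.113.32"}
PORT = 443

def classify_resolution(addresses):
    """Return 'ok', 'legacy', 'unexpected' or 'unresolved' for a DNS answer."""
    addrs = set(addresses)
    if not addrs:
        return "unresolved"
    if addrs & LEGACY_IPS:
        return "legacy"  # a retired address, e.g. a stale hosts or split-DNS override
    if addrs == {NEW_IP}:
        return "ok"
    return "unexpected"  # any answer that is not exactly the new static IP

def resolve(host):
    """Return the sorted IPv4 addresses the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, PORT, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_reachable(ip, port=PORT, timeout=5.0):
    """True if a TCP handshake to ip:port completes within timeout seconds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, unreachable or timed out
        return False

def main():
    addrs = resolve(NEW_HOST)
    dns_state = classify_resolution(addrs)
    reachable = tcp_reachable(NEW_IP)
    print(f"DNS  {NEW_HOST} -> {addrs or 'no answer'} [{dns_state}]")
    print(f"TCP  {NEW_IP}:{PORT} -> {'open' if reachable else 'blocked or timed out'}")
    return 0 if dns_state == "ok" and reachable else 1

if __name__ == "__main__":
    sys.exit(main())
```

A non-zero exit status means that either the DNS answer or the firewall path needs attention before external scans are run. A completed handshake shows only that the connection is permitted, not that the scanner service itself is healthy.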


Document Information

Modified date:
31 August 2021

UID

ibm16484635