News
Abstract
IBM® is migrating the QRadar Vulnerability Manager (QVM) external scanner service to a new location in the IBM Cloud®. This notice is intended to advise administrators that use QVM external scans (DMZ scans) that firewall updates are required to avoid an interruption in service.
Content
Important: QRadar Vulnerability Manager administrators with external scans enabled must update their corporate firewalls to allow connections to 158.177.51.62:443. If you fail to update your firewall rules before 1 September 2021, you might experience scans stuck at 1% that cannot complete successfully.
IBM® is migrating the QRadar® Vulnerability Manager external scanner service to IBM Cloud and firewall changes are required by administrators to avoid service disruption for external vulnerability (DMZ) scans.
| Server changes | Web server hostname | Static IP address and port | Location | Description |
| --- | --- | --- | --- | --- |
| New server cluster | https://console-qvm-scanner.qradar.ibmcloud.com/ | 158.177.51.62:443 | United States | New server active on 1 September 2021 |
| Legacy server | https://external-scanner.qradar.ibmcloud.com/ | 194.153.113.31:443 | Germany | Active until 1 September 2021 |
| Legacy server | https://194.153.113.32/ | 194.153.113.32:443 | Germany | No longer active |
All users of QRadar® Vulnerability Manager external scan configurations on all QRadar versions are affected by this service update.
Administrators must ensure a QRadar auto update completes, then restart the QVM scanner process with a full deploy to ensure that external scans can complete successfully. QRadar continues to collect events when you deploy the full configuration. When the event collection service must restart, QRadar does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.
Procedure
- Update your corporate firewall rules to allow access to 158.177.51.62:443.
- Ensure an auto update completes on Sept 1, 2021.
  Note: Administrators can review their System Notifications or click Admin > Auto Updates to view when the last auto update occurred.
- Log in to the QRadar Console as an administrator.
- Click the Admin tab.
- Select Advanced > Deploy Full Configuration.
- Click OK to start the full deploy.
Note: If you upgrade your QRadar deployment to a newer software version, you might be required to repeat this procedure if external scans appear to be stuck at 1%.
Results
Wait for the deploy to complete to ensure scan configurations are updated. Administrators can run an external scan and confirm the scan completes successfully. If you experience issues with external scans stuck at 1% or auto updates on or after 1 September 2021, contact QRadar Support.
Administrators must contact their corporate firewall team to ensure that any IP-based firewall rules are updated before 1 September 2021 to use the new static IP address at 158.177.51.62 on TCP/443. QRadar Support recommends administrators configure their firewall rules to use static IP addresses provided by IBM. If you choose to use the hostname https://console-qvm-scanner.qradar.ibmcloud.com/ in your corporate firewall configuration, you must ensure that your DNS server resolves to 158.177.51.62:443 if your external scans display a status of 1% without progressing.
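A pre-flight check for the firewall and DNS requirements above, written as an added example that is not part of IBM's notice. It uses the addresses and hostname from the table; the function names and the `--run` switch are hypothetical, and it assumes `getent`, `timeout` and `bash` are available on a host behind the corporate firewall.

```shell
#!/bin/sh
# Added example: pre-flight check for the QVM external scanner migration.
# Addresses and hostname are the ones listed in the notice's table.
NEW_IP="158.177.51.62"
LEGACY_IPS="194.153.113.31 194.153.113.32"
SCANNER_HOST="console-qvm-scanner.qradar.ibmcloud.com"

# Read resolver output on stdin (address in the first column) and print:
#   ok         - every address is the new static IP
#   legacy     - an address of a retired legacy server was returned
#   mismatch   - some other address was returned
#   unresolved - nothing was returned
classify_resolution() {
    result="unresolved"
    while read -r addr rest; do
        [ -n "$addr" ] || continue
        case " $LEGACY_IPS " in
            *" $addr "*) echo "legacy"; return 0 ;;
        esac
        if [ "$addr" != "$NEW_IP" ]; then
            result="mismatch"
        elif [ "$result" = "unresolved" ]; then
            result="ok"
        fi
    done
    echo "$result"
}

# TCP reachability test. /dev/tcp is a bash feature, so it runs in a child
# bash and the outer script stays POSIX sh.
tcp_open() {
    timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

preflight() {
    dns=$(getent ahostsv4 "$SCANNER_HOST" | classify_resolution)
    echo "DNS for $SCANNER_HOST: $dns"
    if tcp_open "$NEW_IP" 443; then
        echo "TCP $NEW_IP:443 reachable"
    else
        echo "TCP $NEW_IP:443 blocked or unreachable: check firewall rules"
        return 1
    fi
    [ "$dns" = "ok" ]
}

# Run only when asked, so the functions can be reused and tested offline.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A `legacy` or `mismatch` DNS result with a reachable port points to a stale DNS record or override rather than a firewall rule.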
Document Information
Modified date: 31 August 2021
UID: ibm16484635