QRadar Support and Development teams are investigating an issue where upgrades to QRadar 7.4.3 Fix Pack 4 (2020.11.4.20211113154131). Administrators reported that the upgrade from a pre-7.4.2 version to QRadar 7.4.3 Fix Pack 4, managed hosts in a multi-distributed NAT network took more than 24 hours to complete the upgrade. Administrators with an unreachable private IP address NAT group enabled and plan upgrade to QRadar 7.4.3 Fix Pack 4 need to contact QRadar Support to confirm if your upgrade is affected by this issue.
- 10 December 2021: Initial announcement to alert administrators to a potential upgrade issue for multi-distributed NAT networks for QRadar 7.4.3 Fix Pack 4. Updates to this technical note are expected as more information is available on this issue.
Informational: QRadar® Development teams identified an upgrade issue that affects users who plan to upgrade to QRadar 7.4.3 Fix Pack 4. An APAR is not yet available for this issue, but this notice is intended to alert administrators planning an upgrade with multiple NAT groups enabled on managed hosts to contact support to confirm if you are affected. Users with NAT configurations upgrading from certain QRadar versions to QRadar 7.4.3 Fix Pack 4 can experience extended maintenance windows where a managed host upgrade can take up to 24 hours to complete.
Important: If an upgrade appears to be 'Stuck', you must contact support. Forcing an upgrade to exit can cause a catastrophic failure and might require an appliance to be rebuilt or cause data loss. Never attempt to Ctrl + C or exit an upgrade in progress. Always contact support when you experience an upgrade issue or the upgrade takes longer than expected to complete.
Administrators with NAT'd networks who upgrade to the following version:
- QRadar® SIEM 7.4.3 Fix Pack 4 (2020.11.4.20211113154131)
What to do
If you have a planned upgrade to QRadar 7.4.3 Fix Pack 4, you must collect logs and open a case for QRadar Support to confirm if your NAT configuration is affected. QRadar Support can review the logs attached in your case to determine whether you are affected or if a workaround can be applied.
- Log in to the QRadar Console as an administrator.
- Click the Admin tab.
- Click the System and License Management icon.
- Select View > Systems.
- Optional. If you are unsure, if your appliances have Network Address Translation (NAT) enabled, select Deployment Actions > Edit Host. If the Network Address Translation check box is selected and more than one NAT group is configured for your deployment, you must collect example logs from one or more appliances for review by QRadar Support before you upgrade to QRadar 7.4.3 Fix Pack 4.
- Select the QRadar appliances with Network Address Translation enabled.
Note: Use Shift + click or Ctrl + click to get logs from multiple appliances in the user interface.
- Select Actions > Collect Log Files and wait for the log collection to complete.
- Download the logs to your workstation.
- Open a Severity 1 case with QRadar Support.
- Add a summary to your case, for example: 7.4.3 Fix Pack 4 upgrade review (11074).
- Upload your logs for support.
The support representative reviews the logs to confirm whether any action is required before you upgrade. We apologize for this issue and want to ensure that users with multiple NAT networks who plan to upgrade to 7.4.3 Fix Pack 4 have the appliance logs reviewed to confirm that they do not experience extended upgrade windows.
Was this topic helpful?
10 December 2021