Question & Answer
Question
Is there a way, in the User Interface, to open network ports from specific IP addresses or CIDR ranges, to a Managed Host?
Answer
Before you begin
- After you enable this feature, only the default ports are opened.
- Ports that were opened during log source configuration are also opened.
- Only preferred management hosts have access to QRadar.
- All other hosts and ports are locked out of the system or deployment.
- When you use this feature, plan carefully so that you do not lock yourself out of the system.
- If you configure this incorrectly, you can also lose events from nondefault ports.
When to use IPtables rules to block traffic
When is it best to use IPtables to block traffic?
- Restricting access to the Console by subnet or CIDR range.
- Limiting Console access to specific management hosts.
- Opening ports that are not within the default port range.
How to prevent lockouts
To prevent yourself from being locked out of QRadar, you need access to an IMM or iDRAC to update firewall rules.
QRadar: Modifying iptables rules in QRadar
Procedure
The following procedure uses the UI to allow access to specific Managed Hosts on specific ports and protocols. It applies to QRadar Version 7.3.3 and beyond.
- After logging into the UI, click the Admin tab > System and License Management icon.
- Highlight a system to add a firewall rule to.
- From the top Menu Bar click Actions > View and Manage System.
- Click the Firewall tab.
- Add the rule for any IP or CIDR range. Protocol ANY, TCP or UDP, and any Port or Range of Ports then click .
- Click Save.
- To remove a rule, click Remove. To remove all rules, click Remove All.
- Click Save.
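A pre-save check for the lockout and lost-event risks described above, as an added example that is not IBM or QRadar code: it models each rule with the three fields from the procedure (IP or CIDR, protocol, port or range) and reports which required connections no rule would permit. The class and function names, addresses, ports and flow names are all assumptions made for illustration, and the default ports that QRadar opens on its own are not modeled.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):          # one row as entered on the Firewall tab
    source: str                  # single IP or CIDR range
    protocol: str                # "ANY", "TCP" or "UDP"
    ports: str                   # "ANY", one port ("22") or a range ("5140-5150")

class Flow(NamedTuple):          # a connection that must keep working after Save
    name: str
    source_ip: str
    protocol: str                # "TCP" or "UDP"
    port: int

def port_matches(spec: str, port: int) -> bool:
    spec = spec.strip().upper()
    if spec == "ANY":
        return True
    low_s, _, high_s = spec.partition("-")
    low = int(low_s)
    high = int(high_s) if high_s else low
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return low <= port <= high

def rule_allows(rule: Rule, flow: Flow) -> bool:
    net = ipaddress.ip_network(rule.source, strict=False)  # a bare IP becomes a /32
    addr = ipaddress.ip_address(flow.source_ip)
    proto_ok = rule.protocol.upper() in ("ANY", flow.protocol.upper())
    return (addr.version == net.version and addr in net
            and proto_ok and port_matches(rule.ports, flow.port))

def uncovered_flows(rules, required):
    """Names of required flows that no rule permits (lockout or lost events)."""
    return [f.name for f in required if not any(rule_allows(r, f) for r in rules)]

# Constructed sample data: addresses, ports and flow names are illustrative only.
RULES = [Rule("10.20.0.0/24", "TCP", "443"),
         Rule("10.20.0.15", "TCP", "22"),
         Rule("192.0.2.0/24", "UDP", "5140-5150")]
REQUIRED = [Flow("admin workstation UI", "10.20.0.15", "TCP", 443),
            Flow("admin workstation SSH", "10.20.0.15", "TCP", 22),
            Flow("backup admin SSH", "10.20.1.7", "TCP", 22),
            Flow("firewall syslog", "192.0.2.40", "UDP", 5145),
            Flow("proxy syslog over TCP", "192.0.2.41", "TCP", 5145)]

if __name__ == "__main__":
    for name in uncovered_flows(RULES, REQUIRED):
        print("NOT COVERED:", name)
```

With the sample data, the backup admin host falls outside the allowed /24 and the TCP syslog sender matches only a UDP rule, so both are reported before the rules are saved.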
Document Information
Modified date:
14 November 2022
UID
swg21987489