IBM Support

QRadar: Managing IPtables firewall ports using the User Interface

Question & Answer


Question

Is there a way, in the User Interface, to open network ports from specific IP addresses or CIDR ranges, to a Managed Host?

Answer



Before you begin

  • After you enable this feature, only the default ports are opened.
  • Ports opened during log source configuration are also opened.
  • Only preferred management hosts have access to QRadar.
  • All other hosts and ports are locked out of the system or deployment.
  • When using this feature, plan carefully so that you do not lock yourself out of the system.
  • If you configure this incorrectly, you can also lose events from nondefault ports.
 

When to use IPtables rules to block traffic

When is it best to use IPtables to block traffic?

  • Restricting access to the Console by subnet or CIDR range.
  • Limiting Console access to specific management hosts.
  • Opening ports that are not within the default port range.
 

How to prevent lockouts

To prevent yourself from being locked out of QRadar, you need access to an IMM or iDRAC to update firewall rules.
See QRadar: Modifying iptables rules in QRadar.

Procedure

The procedure below allows access to specific Managed Hosts with specific ports and protocols from the UI in QRadar Version 7.3.3 and beyond.

  1. After logging into the UI, click the Admin tab > System and License Management icon.
  2. Highlight the system that you want to add a firewall rule to.
  3. From the top menu bar, click Actions > View and Manage System.
  4. Click the Firewall tab.
  5. Add the rule: specify any IP or CIDR range, a protocol (ANY, TCP or UDP), and any port or range of ports, then click  .
  6. Click Save.
  7. To remove a rule, click Remove; to remove all rules, click Remove All.
  8. Click Save.
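
The planning that "Before you begin" calls for can be checked offline before you click Save. The following is an added example, not IBM or QRadar code: it models a rule as the three fields from step 5 (IP or CIDR, protocol ANY/TCP/UDP, port or range of ports) and lists the required connections that no planned rule covers. All addresses, ports and flow names are constructed, and QRadar's default ports are not modelled.

```python
import ipaddress

def parse_rule(source, protocol, ports):
    """Parse one planned rule: IP or CIDR, ANY/TCP/UDP, single port or 'low-high' range."""
    protocol = protocol.upper()
    if protocol not in ("ANY", "TCP", "UDP"):
        raise ValueError(f"unsupported protocol: {protocol}")
    low, _, high = str(ports).partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port or range: {ports}")
    # strict=False accepts a host address written with a prefix, e.g. 192.0.2.10/28
    return ipaddress.ip_network(source, strict=False), protocol, range(low, high + 1)

def is_allowed(rules, host, protocol, port):
    """True if any planned rule admits this host/protocol/port combination."""
    addr = ipaddress.ip_address(host)
    return any(
        addr in net and proto in ("ANY", protocol.upper()) and port in ports
        for net, proto, ports in rules
    )

def uncovered(rules, required_flows):
    """Return the required flows that no planned rule admits (lockout or event-loss risk)."""
    return [f for f in required_flows if not is_allowed(rules, f[1], f[2], f[3])]

# Constructed sample plan: documentation address ranges, hypothetical ports.
PLANNED_RULES = [
    parse_rule("192.0.2.0/28", "TCP", "443"),          # admin subnet
    parse_rule("198.51.100.25", "UDP", "5140-5149"),   # log source on nondefault ports
]
# Constructed list of connections that must keep working after Save.
REQUIRED_FLOWS = [
    ("admin workstation", "192.0.2.10", "TCP", 443),
    ("second admin", "192.0.2.40", "TCP", 443),          # outside the /28
    ("syslog forwarder", "198.51.100.25", "UDP", 5145),
    ("app collector", "198.51.100.25", "TCP", 5145),     # plan only allows UDP
]

if __name__ == "__main__":
    for name, host, proto, port in uncovered(PLANNED_RULES, REQUIRED_FLOWS):
        print(f"NOT COVERED: {name} {host} {proto}/{port}")
```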



Document Information

Modified date: 14 November 2022

UID: swg21987489