Configuring IPtables
Before you configure your Verdasys Digital Guardian to forward events, you must configure IPtables in JSA to allow ICMP requests from Verdasys Digital Guardian.
- Use SSH to log in to JSA as the root user.
Login: root
Password: <password>
- Type the following command to edit the IPtables file:
vi /opt/qradar/conf/iptables.post
The IPtables configuration file is displayed.
- Type the following command to allow JSA to accept ICMP requests from Verdasys Digital Guardian:
-I QChain 1 -m icmp -p icmp --src <IP address> -j ACCEPT
Where <IP address> is the IP address of your Verdasys Digital Guardian appliance. For example,
-I QChain 1 -m icmp -p icmp --src 10.100.100.101 -j ACCEPT
- Save your IPtables configuration.
- Type the following command to update IPtables in JSA:
./opt/qradar/bin/iptables_update.pl
- To verify that JSA accepts ICMP traffic from your Verdasys Digital Guardian, type the following command:
iptables --list --line-numbers
The following output is displayed:
[root@Qradar bin]# iptables --list --line-numbers
Chain QChain (1 references)
num target prot opt source destination
1 ACCEPT icmp -- 10.100.100.101 anywhere icmp any
2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
3 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
The IPtables configuration for JSA is complete.
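The verification step above can be scripted. The following is an added example, not part of the original procedure or of JSA: a hypothetical helper, check_qchain_icmp, that reads an iptables listing and confirms that the QChain ICMP rule exists and is limited to the appliance address rather than open to any source.

```shell
#!/bin/sh
# Added example (not shipped with JSA). The function name is hypothetical.
# Assumed use on the appliance:
#   iptables -n --list QChain --line-numbers | check_qchain_icmp 10.100.100.101
# -n prints numeric addresses, so the source is not shown as a resolved host name.

# Reads an iptables listing on stdin and prints one status line.
# Returns 0 = scoped rule present, 1 = rule missing, 2 = ICMP accepted from any source.
check_qchain_icmp() {
    awk -v want="$1" '
        /^Chain /          { in_chain = ($2 == "QChain"); next }
        !in_chain          { next }
        $1 !~ /^[0-9]+$/   { next }    # skip the column header and blank lines
        $2 == "ACCEPT" && $3 == "icmp" {
            src = $5
            if (src == "anywhere" || src == "0.0.0.0/0")
                open_rule = $1          # broader than this procedure intends
            else if (src == want || src == (want "/32"))
                hit_rule = $1
        }
        END {
            if (open_rule != "") {
                print "WARN: rule " open_rule " accepts ICMP from any source"
                exit 2
            }
            if (hit_rule != "") {
                print "OK: rule " hit_rule " accepts ICMP from " want
                exit 0
            }
            print "MISSING: no QChain ICMP ACCEPT rule for " want
            exit 1
        }'
}

# Sample input: the listing shown in the verification step above.
SAMPLE='Chain QChain (1 references)
num target prot opt source destination
1 ACCEPT icmp -- 10.100.100.101 anywhere icmp any
2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
3 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http'

printf '%s\n' "$SAMPLE" | check_qchain_icmp 10.100.100.101
```

A return code of 2 means the ICMP rule was added without a usable --src value and should be corrected in /opt/qradar/conf/iptables.post.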