Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring IPtables

 

Before you configure your Verdasys Digital Guardian to forward events, you must configure IPtables in JSA to allow ICMP requests from Verdasys Digital Guardian.

  1. Use an SSH to log in to JSA as the root user.

    Login: root

    Password: <password>

  2. Type the following command to edit the IPtables file:

    vi /opt/qradar/conf/iptables.post

    The IPtables configuration file is displayed.

  3. Type the following commands to allow JSA to accept ICMP requests from Verdasys Digital Guardian:

    -I QChain 1 -m icmp -p icmp [icmp-type 8—] src <IP address> -j ACCEPT - I QChain 1 -m icmp -p icmp —type 0 --src <IP address> -j ACCEPT

    Where <IP address> is the IP address of your Verdasys Digital Guardian appliance. For example,

    -I QChain 1 -m icmp -p icmp— icmp-type 8--src 10.100.100.101 -j ACCEPT -I QChain 1 -m icmp -p icmp --icmp-type 0-src 10.100.100.101 -j ACCEPT

    Note

    Make sure that you specify "--icmp-type" in the commands to avoid failures when you're upgrading the IPTables.

  4. Save your IPtables configuration.
  5. Type the following command to update IPtables in JSA:

    ./opt/qradar/bin/iptables_update.pl

  6. To verify that JSA accepts ICMP traffic from your Verdasys Digital Guardian, type the following command:

    iptables --list --line-numbers

    The following output is displayed:

    The IPtables configuration for JSA is complete.