Configuring IPtables
Before you configure your Verdasys Digital Guardian to forward events, you must configure IPtables in JSA to allow ICMP requests from Verdasys Digital Guardian.
- Use SSH to log in to JSA as the root user.
Login:
root
Password:
<password>
- Type the following command to edit the IPtables file:
vi /opt/qradar/conf/iptables.post
The IPtables configuration file is displayed.
- Type the following commands to allow JSA to accept ICMP requests from Verdasys Digital Guardian:
-I QChain 1 -m icmp -p icmp --icmp-type 8 --src <IP address> -j ACCEPT
-I QChain 1 -m icmp -p icmp --icmp-type 0 --src <IP address> -j ACCEPT
Where <IP address> is the IP address of your Verdasys Digital Guardian appliance. For example,
-I QChain 1 -m icmp -p icmp --icmp-type 8 --src 10.100.100.101 -j ACCEPT
-I QChain 1 -m icmp -p icmp --icmp-type 0 --src 10.100.100.101 -j ACCEPT
Note: Make sure that you specify "--icmp-type" in the commands to avoid failures when you're upgrading IPtables.
- Save your IPtables configuration.
- Type the following command to update IPtables in JSA:
/opt/qradar/bin/iptables_update.pl
- To verify that JSA accepts ICMP traffic from your Verdasys Digital Guardian, type the following command:
iptables --list --line-numbers
The following output is displayed:
[root@Qradar bin]# iptables --list --line-numbers
Chain QChain (1 references)
num target prot opt source destination
1 ACCEPT icmp -- 10.100.100.101 anywhere icmp any
1 ACCEPT icmp -- 10.100.100.101 anywhere icmp echo-request
2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
3 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
The IPtables configuration for JSA is complete.
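A check that can be run on /opt/qradar/conf/iptables.post after saving it and before running the update script, as an added example that is not part of the JSA documentation. It confirms that both ICMP rules are present, spell the option as "--icmp-type", and are pinned to the appliance address; the function name check_icmp_rules and the scratch file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not JSA code): lint the ICMP rules in an iptables.post-style
# file. The function name and the sample file below are assumptions.

check_icmp_rules() {
    file=$1
    src=$2
    rc=0
    # Escape dots so the address is matched literally in the pattern.
    src_re=$(printf '%s' "$src" | sed 's/\./\\./g')

    # Expect one rule per ICMP type: 8 (echo request) and 0 (echo reply).
    for icmp_type in 8 0; do
        rule="^-I +QChain +1 +-m +icmp +-p +icmp +--icmp-type +$icmp_type +--src +$src_re +-j +ACCEPT *\$"
        if ! grep -Eq -- "$rule" "$file"; then
            echo "missing or malformed rule: type $icmp_type from $src" >&2
            rc=1
        fi
    done

    # Any non-comment ICMP line without a well-formed "--icmp-type <n>" is an
    # error, e.g. a dash mangled by copy and paste or the option left out.
    if grep -v '^[[:space:]]*#' "$file" | grep -E -- '-p +icmp' |
        grep -Evq -- ' --icmp-type +[0-9]+ '; then
        echo "ICMP rule without a well-formed --icmp-type option" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the two rules from the example above, in a scratch file.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
-I QChain 1 -m icmp -p icmp --icmp-type 8 --src 10.100.100.101 -j ACCEPT
-I QChain 1 -m icmp -p icmp --icmp-type 0 --src 10.100.100.101 -j ACCEPT
EOF
check_icmp_rules "$demo_file" 10.100.100.101 && echo "ICMP rules look well formed"
rm -f "$demo_file"
```

On the JSA console, the call would be check_icmp_rules /opt/qradar/conf/iptables.post followed by the appliance address; a non-zero exit status means a rule should be corrected before the update script is run.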