Partner with experts to accelerate your digital transformation journey
Explore Now
Bobcares
Client Area
Emergency Support
Google cloud platform | Latest

Install QRadar Data Gateway on GCP – A Clear Walkthrough

PDF Header PDF Footer

Learn how to Install QRadar Data Gateway on GCP with a clear process, verified commands, and essential setup details for a secure deployment. Our Live Support Team is always here to help you.

Install QRadar Data Gateway on GCP – A Clear Walkthrough

Many administrators look for a direct way to Install QRadar Data Gateway on GCP without hitting common roadblocks. The challenge usually comes from strict FQDN limits, SSH key requirements, Install QRadar Data Gateway on GCPand update mismatches. To help you avoid these issues, here is a no-nonsense guide that covers the entire process, including every command you need for a working deployment.

 

Start with the project and FQDN

First, create a project name in GCP. Make sure the fully qualified domain name (FQDN) does not exceed 63 characters. The FQDN is formed by the deployment name followed by “-vm”, the zone, the region, the project name, and “.internal”.

For instance:
If the project name is abc-stq-xyz, the appliance deployment name is qr-con, the zone is us-east4-c, and the region is c, then the FQDN is:

qr-con-vm.us-east4-c.c.abc-stq-xyz.internal

Zones can be 10–25 characters long, so plan your project and deployment name accordingly.

Configure the network interface

Next, go to Google Cloud Platform > VPC network > VPC networks (most popular GCP services).

  • Click CREATE VPC NETWORK.
  • Name your network, set DNS server policy to No server policy, then click Create.

Add SSH key for cloud-user

Move to Google Cloud Platform > Compute Engine > Metadata > SSH Keys.

  • Click Edit, then Add item.
  • Enter your SSH key followed by cloud-user.
  • Click Save.

Download and upload the QRadar image

Now download the QRadar 7.5.0 UP7 virtual appliance image along with the .sig file from IBM Fix Central. Verify integrity with the .sig file.

Upload the image to Google Cloud Storage. Then, in Google Cloud Shell, run:

gcloud compute images create <IMAGE NAME> --project=<GCP PROJECT NAME> --source-uri gs://<BUCKET NAME>/<RAW FILE PATH> --guest-os-features=MULTI_IP_SUBNET,UEFI_COMPATIBLE

The import can take up to an hour.

Create the instance

Go to Navigation Menu > Compute Engine > Images. Select the imported image and click Create Instance.

  • Use a deployment name that fits the 63-character FQDN limit.
  • Choose the correct zone and machine type.
  • Select the earlier created network interface.
  • Configure firewall rules to allow only ports 22 and 443 from trusted IPs.
  • Accept the GCP Marketplace Terms of Service and click Deploy.

Assign a static IP

Go to Google Cloud Platform > Compute Engine > VM instances.

  • Select your appliance, click Edit.
  • Set Internal IP type to Static.
  • Reserve a new internal IP and static external IP.

Access the instance

When ready, log in with SSH:

ssh -i <key.pem> cloud-user@<public_IP_address>

Check FQDN length:

hostname -f | wc -c

If above 63, restart the process with a shorter name.

Then run:

sudo /root/setup_mh 7000

Set a strong root password (minimum 5 characters, no spaces, must include @, #, ^, or *).

Upgrade the data gateway

Match the gateway version to the Console version.

  • In Console, click About to check the version.
  • Download the SFS update file from Fix Central.
  • Copy the update to /storetmp:
sudo mv <version_number>_QRadar_patchupdate-<full_version_number>.sfs /storetmp
  • Open superuser shell:
sudo su -
  • Create update directory:
mkdir /media/updates
  • Mount the SFS file:
mount -o loop -t squashfs /storetmp/<version_number>_QRadar_patchupdate-<full_version_number>.sfs /media/updates
  • Run installer:
/media/updates/installer

Final setup

Generate a token using QRadar on Cloud Self Serve and allowlist the data gateway IP.

After reconnecting via SSH, enter superuser mode again:

sudo su -

Apply the known fix:

mkdir /etc/systemd/system/tunnel-monitor.service.d/; printf "[Service]\nExecStart=\nExecStart=/bin/true\n" > /etc/systemd/system/tunnel-monitor.service.d/override.conf; chmod 644 /etc/systemd/system/tunnel-monitor.service.d/override.conf; systemctl daemon-reload

Then finish setup:

/opt/qradar/bin/setup_qradar_host.py mh_setup interactive -p

Finally, exit superuser:

exit

[If needed, Our team is available 24/7 for additional assistance.]

Conclusion

That’s the complete way to Install QRadar Data Gateway on GCP. Every detail here matters—from project naming and firewall rules to version upgrades and tunnel monitor adjustments. By following this precise process, you can Install QRadar Data Gateway on GCP with confidence, keeping it stable and aligned with your QRadar Console.

Related posts:

    1. Reserve Google Cloud Static IP Address – How to perform it
    2. Migrate WordPress to Google Cloud
    3. Transit VPC Google cloud | All About
    4. All About Google cloud vCPU
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Get featured on the Bobcares blog and share your expertise with a global tech audience.

WRITE FOR US
server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. Reserve Google Cloud Static IP Address – How to perform it
  2. Migrate WordPress to Google Cloud
  3. Transit VPC Google cloud | All About
  4. All About Google cloud vCPU

Top Categories

Speed issues driving customers away?
We’ve got your back!

OPTIMIZE TODAY