https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-connection-method/m-p/1222532#M7999 <P data-start="76" data-end="287">Hi, While monitoring network traffic during our deployment, we noticed that all traffic between the endpoint and the <STRONG data-start="185" data-end="199">XDR portal</STRONG> (<CODE data-start="201" data-end="249">&lt;xdr-tenant&gt;.xdr.&lt;region&gt;.paloaltonetworks.com</CODE>) is <STRONG data-start="254" data-end="284">one-directional (outbound)</STRONG>.</P> <P data-start="76" data-end="287">&nbsp;</P> <P data-start="289" data-end="515">We have <STRONG data-start="297" data-end="322">private Linux servers</STRONG> in a <STRONG data-start="328" data-end="376">separate environment with no internet access</STRONG>. However, after deploying the agent and reviewing firewall logs, we did not observe any traffic from the <STRONG data-start="482" data-end="512">endpoint to the XDR portal</STRONG>.</P> <P data-start="289" data-end="515">&nbsp;</P> <P data-start="517" data-end="678">Could someone provide more details on how the <STRONG data-start="563" data-end="598">connection works on the backend?</STRONG></P> <P data-start="517" data-end="678"><STRONG data-start="563" data-end="598"><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;</STRONG></P> Tue, 04 Mar 2025 12:33:53 GMT A.Alharbi095930 2025-03-04T12:33:53Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-connection-method/m-p/1222532#M7999 <P data-start="76" data-end="287">Hi, While monitoring network traffic during our deployment, we noticed that all traffic between the endpoint and the <STRONG data-start="185" data-end="199">XDR portal</STRONG> (<CODE data-start="201" data-end="249">&lt;xdr-tenant&gt;.xdr.&lt;region&gt;.paloaltonetworks.com</CODE>) is <STRONG data-start="254" data-end="284">one-directional (outbound)</STRONG>.</P> <P data-start="76" data-end="287">&nbsp;</P> <P data-start="289" data-end="515">We have <STRONG data-start="297" data-end="322">private Linux servers</STRONG> in a <STRONG data-start="328" data-end="376">separate environment with no internet access</STRONG>. However, after deploying the agent and reviewing firewall logs, we did not observe any traffic from the <STRONG data-start="482" data-end="512">endpoint to the XDR portal</STRONG>.</P> <P data-start="289" data-end="515">&nbsp;</P> <P data-start="517" data-end="678">Could someone provide more details on how the <STRONG data-start="563" data-end="598">connection works on the backend?</STRONG></P> <P data-start="517" data-end="678"><STRONG data-start="563" data-end="598"><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;</STRONG></P> Tue, 04 Mar 2025 12:33:53 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-connection-method/m-p/1222532#M7999 A.Alharbi095930 2025-03-04T12:33:53Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-connection-method/m-p/1222795#M8007 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/848744293">@A.Alharbi095930</a>, thanks for reaching us using the Live Community.</P> <P>&nbsp;</P> <P>By default in the Agent Settings profile, the agents will try to get the Content Updates from other agents using P2P, then Broker VM if there is any, and then goes to the tenant over internet.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="jmazzeo_0-1741189135856.png" style="width: 596px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/66387iA81FBFACBE76F9BC/image-dimensions/596x155?v=v2" width="596" height="155" role="button" title="jmazzeo_0-1741189135856.png" alt="jmazzeo_0-1741189135856.png" /></span></P> <P>If there is another agent in the same network with the CU downloaded, it will be shared.</P> <P>&nbsp;</P> <P>You have more information in <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Set-up-agent-settings-profiles" target="_self">this document</A>.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Wed, 05 Mar 2025 15:42:03 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-connection-method/m-p/1222795#M8007 jmazzeo 2025-03-05T15:42:03Z