02-13-2024 11:58 PM
Hello, if I ask, can you please answer this question?
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?
a. reinstall the root CA certificate
b. enable SSL decryption
c. disable SSL decryption
d. add paloaltonetworks.com to the SSL Decryption Exclusion list
02-15-2024 06:00 AM
Hello @JahidAliyev
Thanks for reaching out on LiveCommunity!
If you are using SSL decryption on your firewalls, then please make sure to exclude the URLs below from SSL decryption.
FQDN 1 | Cortex Services | *.traps.paloaltonetworks.com
FQDN 2 | *.xdr.<region>.paloaltonetworks.com |
FQDN 3 | Cloud Identity Engine Agent | agent-directory-sync.<region>.paloaltonetworks.com (for US/UK/EU/SG), agent-directory-sync.<region>.apps.paloaltonetworks.com (for CA/JP/AU/DE/GOV/IN)
Please make sure to replace <region> with the actual region of your tenant.
Also, to establish communication between the agent and the XDR tenant, please make sure the list of FQDNs, IPs, ports or App-IDs mentioned in the document below is whitelisted.
Regarding updating the Trusted CA certificate for the Broker VM, please follow the link below. You will find the necessary details under the "Configure the Broker VM" section.
If you still face connectivity problems, please open a TAC case.
Please click Accept as Solution to acknowledge that the answer to your question has been provided.
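One way to confirm from an endpoint that the decryption exclusion in the reply above has taken effect, as an added example that is not part of the original thread or any Palo Alto Networks tooling: a firewall that decrypts TLS re-signs the server certificate with its own CA, so the leaf certificate's issuer reveals whether a session is still being intercepted. The decryption CA common name and the concrete host names under the wildcard FQDNs are assumptions you supply on the command line.

```python
import socket
import ssl
import sys

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (hypothetical CA name).
SAMPLE_RESIGNED = {"issuer": ((("organizationName", "Example Corp"),),
                              (("commonName", "Example FW Decrypt CA"),))}

def name_field(rdns, key):
    """Return the first value of `key` (e.g. 'commonName') from getpeercert() RDNs."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def is_resigned(cert, decryption_ca_cn):
    """True when the leaf was issued by the firewall's decryption CA,
    meaning the session is still decrypted and the exclusion is not applied."""
    issuer_cn = name_field(cert.get("issuer", ()), "commonName")
    return issuer_cn is not None and issuer_cn.lower() == decryption_ca_cn.lower()

def fetch_cert(host, port=443, timeout=5):
    """Complete a verified TLS handshake and return the peer certificate dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def check(host, decryption_ca_cn, fetch=fetch_cert):
    """Return 'decrypted', 'excluded' or 'error: ...' for one FQDN."""
    try:
        cert = fetch(host)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return f"error: {exc}"
    return "decrypted" if is_resigned(cert, decryption_ca_cn) else "excluded"

if __name__ == "__main__":
    # Usage: python check_exclusion.py "<decryption CA CN>" host1 [host2 ...]
    ca_cn = sys.argv[1]
    for h in sys.argv[2:]:
        print(f"{h}: {check(h, ca_cn)}")
```

A certificate verification error from a host behind the firewall is also worth noting: it usually means the session is being re-signed by a CA that the Python trust store on that machine does not contain.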