Agent not communicating

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Agent not communicating

L2 Linker

Hello, If I ask, can you please answer to this question? 

The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

a. reinstall the root CA certificate 

b. enable SSL decryption

c. disable SSL decryption 

d. add paloaltonetworks.com to the SSL Decryption Exclusion list

1 accepted solution

Accepted Solutions

L4 Transporter

Hello @JahidAliyev 

 

Thanks for reaching out on LiveCommunity!

If you are using SSL decryption on your firewalls then please ensure to exclude below URLs from SSL decryption.

FQDN 1

Cortex Services

*.traps.paloaltonetworks.com

FQDN 2

*.xdr.<region>.paloaltonetworks.com

FQDN 3

Cloud Identity Engine Agent

agent-directory-sync.<region>.paloaltonetworks.com(FOR US/UK/EU/SG)

agent-directory-sync.<region>.apps.paloaltonetworks.com(FOR CA/JP/AU/DE/GOV/IN)

 

Please make sure to replace <region> with the actual region of your tenant.

Also to establish communication between agent and XDR tenant please make sure the list of FQDNs, IPs, ports or App-ids that are mentioned in below document are whitelisted.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Resources-R...

 

Regarding updation of Trusted CA certificate for Broker VM please follow below link. You will find necessary details under "Configure the Broker VM" section.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Configure-t...

 

If you still face connectivity problem please open a TAC case.

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.

View solution in original post

1 REPLY 1

L4 Transporter

Hello @JahidAliyev 

 

Thanks for reaching out on LiveCommunity!

If you are using SSL decryption on your firewalls then please ensure to exclude below URLs from SSL decryption.

FQDN 1

Cortex Services

*.traps.paloaltonetworks.com

FQDN 2

*.xdr.<region>.paloaltonetworks.com

FQDN 3

Cloud Identity Engine Agent

agent-directory-sync.<region>.paloaltonetworks.com(FOR US/UK/EU/SG)

agent-directory-sync.<region>.apps.paloaltonetworks.com(FOR CA/JP/AU/DE/GOV/IN)

 

Please make sure to replace <region> with the actual region of your tenant.

Also to establish communication between agent and XDR tenant please make sure the list of FQDNs, IPs, ports or App-ids that are mentioned in below document are whitelisted.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Resources-R...

 

Regarding updation of Trusted CA certificate for Broker VM please follow below link. You will find necessary details under "Configure the Broker VM" section.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Configure-t...

 

If you still face connectivity problem please open a TAC case.

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.

  • 1 accepted solution
  • 1228 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!