- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-22-2022 03:17 AM
Hello dear community,
now I setup everything what I needed to get an agent running with the broker vm. The agent is also connecting through P2P and directly to the server.
But where and how can I see, if the communication is ok through the broker vm?
BR
Rob
08-22-2022 05:05 AM
Hi @RFeyertag
Aside to above, to check if your agent proxy is working,
You may run the following commands
Windows
C:\Program Files\Palo Alto Networks\Traps>cytool proxy query
Mac
Sudo /Library/Application\ Support/PaloAltoNetworks/Traps/bin/cytool proxy query
Linux
/opt/traps/bin/cytool proxy query
The BVM IP address and port should be listed under Last good Proxy in the command output. If there is no Last Good Proxy, it means your agent cannot connect to Broker VM .If Proxy server is not configured properly, you can run this command to configure Proxy.
“cytool proxy set X.X.X.X:YYYY”
*replace X.X.X.X with BVM IP address and YYYY with BVM port
08-22-2022 05:41 AM
hi @RFeyertag ,
Couple of questions before answering in detail,what is your requirement? :
1. Do you want the agent to communicate to cloud via proxy?
2. Do you want the agent to take content and agent upgrades via Broker VM?
Answer 1: If you need the agents to Cortex XDR cloud via agent proxy on the broker VM, following are the steps:
Answer 2: for content updates and agent upgrades to happen via broker
08-22-2022 05:01 AM
Hi @RFeyertag
You can test access from agent to broker VM by reaching agent registration URL.
The Cortex XDR agent will use registration URL to register to Cortex XDR Server.
To get this URL, we need to have Agent Installer ID at first place.
The Cortex XDR agent installer ID can be checked from the Cortex XDR Management console -> Endpoints -> Agent Installations page. Add the Id column in the Layout to view installer ID.
Take the ID of the package that you have used to install agent before.
Add this installer ID in the end of below URL
https://distributions.traps.paloaltonetworks.com/operations/provision/register-url/<insert the installer ID here>
Configure the browser application (on the endpoint you are testing) to use the BVM proxy. In below screenshot with Firefox browser, 192.168.0.189 is the Broker VM IP address and port 8888 is the port configured in BVM Local Agent Settings.
Access the above URL from this broswer.
The expected result here are the following:
"chUrl":"https:\/\/ch-<xdr-tenant>.traps.paloaltonetworks.com",
"ccUrl":"https:\/\/cc-<xdr-tenant>.traps.paloaltonetworks.com",
"cdcUrl":"https:\/\/dc-<xdr-tenant>.traps.paloaltonetworks.com",
"instType":0
If you get above expected result, it means the connection between agent and server is fine.
Thank you!
08-22-2022 05:05 AM
Hi @RFeyertag
Aside to above, to check if your agent proxy is working,
You may run the following commands
Windows
C:\Program Files\Palo Alto Networks\Traps>cytool proxy query
Mac
Sudo /Library/Application\ Support/PaloAltoNetworks/Traps/bin/cytool proxy query
Linux
/opt/traps/bin/cytool proxy query
The BVM IP address and port should be listed under Last good Proxy in the command output. If there is no Last Good Proxy, it means your agent cannot connect to Broker VM .If Proxy server is not configured properly, you can run this command to configure Proxy.
“cytool proxy set X.X.X.X:YYYY”
*replace X.X.X.X with BVM IP address and YYYY with BVM port
08-22-2022 05:41 AM
hi @RFeyertag ,
Couple of questions before answering in detail,what is your requirement? :
1. Do you want the agent to communicate to cloud via proxy?
2. Do you want the agent to take content and agent upgrades via Broker VM?
Answer 1: If you need the agents to Cortex XDR cloud via agent proxy on the broker VM, following are the steps:
Answer 2: for content updates and agent upgrades to happen via broker
08-25-2022 03:57 AM
Thank you! This worked for me for checking it localy!
08-25-2022 04:51 AM
Hello Neelrohit,
thank you, yes both questions cover my requirements.
Do you know a way, how can we be informed by mail/alert when a broker vm is down? Until now, I only could find out, this message about the broker vm status appears in the notifications and in the settings in the app cloud console.
I would prefer it in an audit log to throw a alert/mail.
08-25-2022 05:08 AM
The data for broker VM connectivity and other associated detail is audited and logged in the management audit logs. You can filter the same and create a notification forwarding for the Broker VM disconnections.
Regards,
Neel
08-30-2022 02:45 AM
Hello Neelrohit!
It takes one hour until the log entry is written to management audit logs. It this one hour delay adjustable?
BR
Rob
08-30-2022 06:39 PM
As of now, this is not adjustable. We request you to kindly open a support case and report the issue and the engineering team can fix this to optimise the latency in the log status.
Regards,
08-31-2022 04:41 AM
Thank you! I will ask them.
BR
Rob
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!