03-28-2025 03:03 AM
Hi Dears,
I have configured a proxy on the endpoints to allow them to establish a connection with the Broker VM. Everything is working as expected, and the agents’ status shows as "Connected."
However, while reviewing the Network Firewall, I noticed that the agents are also simultaneously attempting to connect directly to Cortex XDR IP addresses (application: traps-management-service). Reference IP addresses: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Resources-R...
Is it expected behavior for the agents to attempt direct connections to Cortex XDR IPs even when a proxy is configured and functioning properly on the endpoint?
03-28-2025 06:08 AM
Hi @Aristooo,
That's an expected behavior. You can force the agents to only use the Proxy, but anyway sometimes you can see connection attempts to the tenant directly.
From the Agent Settings Profile assigned to the endpoints, you can change this setting:
If this post answers your question, please mark it as the solution.
03-28-2025 06:08 AM
Hi @Aristooo,
That's an expected behavior. You can force the agents to only use the Proxy, but anyway sometimes you can see connection attempts to the tenant directly.
From the Agent Settings Profile assigned to the endpoints, you can change this setting:
If this post answers your question, please mark it as the solution.
03-28-2025 06:18 AM
Hi @jmazzeo ,
Thank you for your response. I will try it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
