Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Can Cortex XDR be installed to be standalone?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Can Cortex XDR be installed to be standalone?

L0 Member

We're in a situation where HQ has moved to Cortex XDR, at the satellite facilities, there are PC/Laptops that never touches HQ network and are often standalone systems or is on a competely separate domain and those domain is to never communicate with the HQ domain. To complicate things a little more, some of these other domains are moving targets that are often offline for an extended periods (Maritime). 

 

We were provided an installer Agent 7.3.1, I have it on a Server 2019 and a Win 10 VM as well as a physical Win 10 box. The two VM shows to be checked in and communicating with the trap server but is showing to be disabled. The physical Win 10 refuses to connect to the server at all. 

 

We've always operated our satellite sites using standard alone versions of SEP which has worked well. Is it possible with Cortex XDR?

1 REPLY 1

L3 Networker

Hi Vudoo408,

 

Let me answer your question directly first then follow up with additional questions and solution. 🙂

With regards to standalone agent installer, you can check the link below (Install or Update Agents Using Installer and Content Package Manually)

https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-5/cortex-xdr-agent-admin/cortex-xdr-agent-for-...

 

Follow up questions: with regards to satellite facilities, are they air gapped environment or they have access to internet directly? If they have then technically as long as the required communication ports/fqdn are open then agents should be able to check-in

If they are air gapped, would setting up broker vm on those satellite facilities an option?

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/broker-vm/set-up-broker-vm/...

 

Q:The two VM shows to be checked in and communicating with the trap server but is showing to be disabled.

A:(need to check the policy and profile assigned to the agent whether modules are enabled). Also try installing the latest agent, 7.5.1 instead.  

Q: The physical Win 10 refuses to connect to the server at all. 

most common culprit are:

A: firewall (either ports are not open from network segment or endpoint firewall itself is blocking)

A: doesnt have updated certificate 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr...

You can also submit a support case for PA support to analyze the logs

Once you open/double click the xdr agent icon and open the xdr agent console from the bottom right corner of your screen.

You can click the generate tech support file  which will grab the needed support files and output in zip file which you can attach to the case, as alternative if generating tech support file doesn't work, You should be able to see Open Log File, copy/upload that log file on the case.

 

  • 2927 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!