08-24-2025 09:56 PM
Hi Team,
I'd like to know how endpoint devices, XDR Broker VM and XSIAM Cloud communicate in case of HA configuration.
I guess HA configuration may require a virtual IP address to receive logs from endpoint devices and to send the logs to XSIAM Cloud.
For example, there are 3 IP addresses.
(1)Broker VM A : 10.0.0.5
(2)Broker VM B: 10.0.0.6
(3)Virtual IP address: : 10.0.0.7
To which IP address should endpoint devices send logs ? both (1) and (2)? or (3)?
From which IP address should XDR Broker VM send logs to XSIAM Cloud? both (1) and (2)? or (3)?
08-27-2025 08:33 AM
Hi @miyako
The BVM HA configuration requires FQDN set up which I assume you already did.
So the FQDN should be the proxy to which your agents will communicate to.
The former is valid for Cortex XDR and XSIAM
Please check the doc:
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.
KR,
Luis
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
