Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Routing traffic towards Broker VM

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Routing traffic towards Broker VM

L2 Linker

Hi All,

 

We have a Broker VM set up in our environment, and we only want the agents to communicate with the tenants through the Broker. However, we are seeing few endpoints talking to the Tenant directly over the internet.
Although "proxy" is specified for all of these endpoints, the "last used proxy" field is empty for a few endpoints.

Is there a way to force communication through the broker even if the endpoint has an internet connection?

 

Also, please let me know the command needed to set a proxy using Cytool on Linux as well.

 

Thanks

1 REPLY 1

L3 Networker

Hi @MithunKT 
To resolve the issue you are facing follow below suggestions.

1.Make sure network access between agent and BVM is in place. Check connection from the agent to the broker VM using telnet.

For example:
Open command prompt on the workstation computer
>> telnet <Broker IP> PORT

2.Make sure you have applied correct agent settings policy with download source as broker VM enabled to the endpoints where the proxy is failing.
As per step 14 in below link
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/customiza...


3.Set or query cloud-defined proxies for the agent to force the agent to connect XDR server through proxy.

Usage:
cytool proxy query—Display the current status of cloud-defined proxy settings.
cytool proxy set <list>—Set cloud-defined proxy settings to the proxies defined in <list>. For example: cytool proxy set "192.168.50.1:8080,192.168.60.2:808"
cytool proxy set “”—Disable cloud-defined proxy.


For Linux OS, example is below

/opt/traps/bin/cytool proxy set <IP>:8888

4.Initiate manual check-in on the endpoint to force the agent to connect server and get all the policies assigned.

Usage: cytool checkin
To verify the checkin, view the check-in time on the agent console or using cytool last_checkin command.


5.Try reconnecting to the server if communication has been disabled, or force registration with a new distribution_id.

Usage:
cytool reconnect — Reconnects the Cortex XDR agent to the management application on the server.

cytool reconnect force <Distribution_ID> — Reconnects the Cortex XDR agent to the management application on the server, with new distribution ID of installation package.


With the above steps, the agent should ideally be communicating XDR servers via the BrokerVM.

If the above info helpful, please mark this as solution.

Thank you!

  • 1647 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!