- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-30-2023 09:56 AM
Hello,
I am a bit confused by the information in logs when an XDR enpoint is connected to a BrokerVM.
It appears that for some connexions issues, endpoints are not communicating anymore with the BrokerVM:
XDR agent on ... failed to communicate to the server via proxy
1) There isn't any Endpoint log confirming that the endpoint could reconnect to the BrokerVM.
Is there a solution for this ?
2) In case the BrokerVM isn't reachable, the agent is using Internet breakout if not disabled in Agent Setting Profile.
Is there any way to know if an endpoint is using BrokerVM or Internet Breakout connectivity ??
Thank you
11-01-2023 03:34 AM
Hi @jbhamant ,
Thank you for writing to Live Community.
You may run the following commands to verify if endpoint is using agent proxy of broker VM:
Windows:
C:\Program Files\Palo Alto Networks\Traps>cytool proxy query
Mac:
Sudo /Library/Application\ Support/PaloAltoNetworks/Traps/bin/cytool proxy query
Linux
/opt/traps/bin/cytool proxy query
Also, the BVM IP address and port should be listed under Last good Proxy in the command output. If there is no Last Good Proxy, it means your agent cannot connect to Broker VM .If Proxy server is not configured properly, you can run this command to configure Proxy.“cytool proxy set X.X.X.X:YYYY”*replace X.X.X.X with BVM IP address and YYYY with BVM port.
For more information you may refer to the below discussion:
Hope this helps.
Please mark the response as "Accept as Solution" if it answers your query.
11-02-2023 10:04 AM
Thanks for your feedback.
If there is no Last Good Proxy, it means your agent cannot connect to Broker VM
Even if the agent already connected to the BVM and cannot connect after a network issue ?
I'm not sure it answer my question of knowing if an agent is reaching the console through BVM .
In the console, you have the information of the number of current connectivity, but not the listing of connected endpoints.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!