XDR agent on ... failed to communicate to the server via proxy

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XDR agent on ... failed to communicate to the server via proxy

L0 Member

Hello,

 

I am a bit confused by the information in logs when an XDR enpoint is connected to a BrokerVM.

It appears that for some connexions issues, endpoints are not communicating anymore with the BrokerVM:

 

XDR agent on ... failed to communicate to the server via proxy

 

1) There isn't any Endpoint log confirming that the endpoint could reconnect to the BrokerVM.

Is there a solution for this ?

2) In case the BrokerVM isn't reachable, the agent is using Internet breakout if not disabled in Agent Setting Profile.

Is there any way to know if an endpoint is using BrokerVM or Internet Breakout connectivity ??

 

Thank you

2 REPLIES 2

L2 Linker

Hi @jbhamant ,

 

Thank you for writing to Live Community. 

 

You may run the following commands to verify if endpoint is using agent proxy of broker VM:
Windows:
C:\Program Files\Palo Alto Networks\Traps>cytool proxy query
Mac:
Sudo /Library/Application\ Support/PaloAltoNetworks/Traps/bin/cytool proxy query
Linux
/opt/traps/bin/cytool proxy query

 

Also, the BVM IP address and port should be listed under Last good Proxy in the command output. If there is no Last Good Proxy, it means your agent cannot connect to Broker VM .If Proxy server is not configured properly, you can run this command to configure Proxy.“cytool proxy set X.X.X.X:YYYY”*replace X.X.X.X with BVM IP address and YYYY with BVM port.


For more information you may refer to the below discussion:

https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/broker-vm-and-connection-to-the-agents-v...


Hope this helps.

Please mark the response as "Accept as Solution" if it answers your query.

L0 Member

Thanks for your feedback.

 

If there is no Last Good Proxy, it means your agent cannot connect to Broker VM

Even if the agent already connected to the BVM and cannot connect after a network issue ?

 

 

I'm not sure it answer my question of knowing if an agent is reaching the console through BVM .

In the console, you have the information of the number of current connectivity, but not the listing of connected endpoints.

jbhamant_0-1698944451176.png

 

  • 1529 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!