03-18-2019 05:27 AM
Dear All,
I am confused whether content updates are sent after the policy update or in response to a heartbeat. I checked the admin guide, which says content updates are "automated content updates delivered directly to your Traps management service tenant by Palo Alto Networks." No detailed info available.
Please share some document for
with regards,
Ram
03-20-2019 08:39 AM
From my understanding, the heartbeat connection will trigger a policy update if one is available; similarly, if a new content upgrade has been pushed out, the next heartbeat connection will trigger the content upgrade. Content upgrades actually being pushed to the TMS tenant are done in a phased approach and don't have a set schedule really.
If you are utilizing the TMS, you cannot perform a manual content upgrade on the endpoint at this time. Your agent needs to have internet access to TMS to be able to download the new policies, new content upgrades, and to verify license status.
03-20-2019 01:01 AM
I am also interested in this, especially in the second part. We have a customer who has hosts that cannot ever be connected to the internet. Is it not possible to secure these via TMS and manual updates?
03-20-2019 08:44 AM
If the hosts cannot be granted access to the TMS tenant, TMS is not going to be the proper Traps deployment for you. TMS access is required for agent activation, policy updates, content upgrades, and everything else.
In your situation I would recommend that you deploy Traps with an on-site ESM server that you can grant access to the outside world. Then the hosts only need access to the ESM server and don't actually require internet access.
Note: The Traps Management Service (Cloud/Hosted) environment and the Traps Endpoint Security Manager server (ESM) are both supported. Prior to deployment you should ensure that the install solution meets all of your needs; there are some things that are only going to be available in the ESM installation, along with features that come to TMS prior to actually being deployed in an ESM upgrade.