This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

chsmith
L1 Bithead

‎12-07-2016 05:32 PM

This board has been created to provide a location in which to ask quick questions about the Traps product, (including information about the installation or management of the Endpoint Security Manager, the Traps endpoint agent, and the associated utilities), interesting configurations you've implemented, to initiate discussions about your experiences running Traps, and to connect with other Traps experts.

 

You can find the Traps/Endpoint Knowledge Base here (opens in a new window/tab): Endpoint Articles

 

(Please note that while this forum will include activity from the Traps support team, any urgent issues should be reported to Support directly to ensure prompt attention).

 

Thanks for stopping by and joining the conversation!

7 people had this problem.
5 REPLIES 5

JDominguez
L2 Linker

‎07-11-2017 12:20 PM - edited ‎07-13-2017 07:06 AM

Hey Community,

 

I need some help with a deployment architecture. 

 

For a small install (less than 1000 end points) can both the DB and the EMS Console&Server be hosted on a single virtualized server?

 

Or should we deploy the solution with 2 dedicated servers:

1x server = ECM Console and ECM Server on same machine

1x database server = SQLite OR SQL 2014 – not sure which one?

 

According to the below documentation, the install can be done using one server.

 

https://www.paloaltonetworks.com/documentation/40/endpoint/endpoint-admin-guide/traps-deployment-sce...

 

Any help/feedback is much appreciated.

 

- JD

0 Likes Likes

acc6d0b3610eec313831f7900fdbd235
L4 Transporter
In response to JDominguez

‎07-13-2017 12:45 AM

Hi @JDominguez

 

Based on your description, there are two applicable options: Standalone Deployment and Small Single Site Deployment.

 

Standalone Deployment

Screen Shot 2017-07-13 at 12.26.33 AM.png

 

 This design is typically recommended for initial proof of concept (POC) or a small site with fewer than 3000 Traps agents, use a standalone deployment to install the following Endpoint Security Manager (ESM) components on a single server or virtual machine:

• ESM Server

• ESM Console

• Forensic (quarantine) folder

• Database

I don't recommend to any of my customers to use this design in production, as it does not provide any redundancy for console or cores.

 

 

 

Small Single Site Deployment

 

Screen Shot 2017-07-13 at 12.27.04 AM.pngAs per the link you posted, and the official admin guide, this design requires:

 

  • One dedicated database server
  • One ESM Console for managing the security policy and Traps agents
  • Two ESM Servers, one primary and one backup, on the same network segment as the database server and ESM Console
  • One forensic folder accessible by all endpoints for storing real-time forensic details about security

This is the minimal I always recommend to all my clients due to the redundancy aspects and flexibility.

 

Now to your questions.

My recommendation is that you adopt the Small Single Site Deployment

1 x ESM Console + Core (Combined)

1 x ESM Core (Redundancy)

1 x Database Server - Notice that SQLITE is no longer supported or recommended by Palo Alto even in POCs; hence, the official recommendation for environments with more than 250 endpoints is SQL Server Enterprise or SQL Server Standard as per the below screenshot.

Important: You only can have one console installed.

 

For further details on requirements please refer tothe following for the administrator guide: link: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/technical-documentation/40/endpoin...

Screen Shot 2017-07-13 at 12.39.00 AM.png

I hope this helps. 

 

 

 

 

JDominguez
L2 Linker
In response to acc6d0b3610eec313831f7900fdbd235

‎07-13-2017 07:04 AM

Hi @acc6d0b3610eec313831f7900fdbd235,

 

The above helps alot! Thanks for the time and effort you put into your reply - it's much appreciated!

 

I'm sure many more folks will be using this post for reference.

 

Regards,

 

Josh Dominguez

0 Likes Likes

ESutedy
L2 Linker

‎09-06-2017 06:12 PM

Hi,

 

I cant seem to find a setting to change the date format from m/d/y to d/m/y.

 

If the setting is not there, how do i make suggestion to PA to add these setting?

 

Thanks

0 Likes Likes

MyBudget
L1 Bithead
In response to ESutedy

‎10-12-2017 09:38 PM

I logged the same request as a bug under 4.0.1 a while back and was advised that it would be addressed in a future version, so I expect that it is on a road-map somewhere.

 

Much as I can work with m/d/y formatting, it's nice to have the d/m/y formatting that we are used to and have with our other products, like Windows, McAfee, SQL, Office, SAP, Exchange (ok - maybe not so much Exchange - backend Powershell prefers m/d/y).

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2023 - Palo Alto Networks