This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to install a Cortex XDR agent communicating through the Palo Alto Networks Broker VM?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.

How to install a Cortex XDR agent communicating through the Palo Alto Networks Broker VM?

AAlsaadi
L0 Member

‎01-05-2025 05:29 AM

1. I installed Cortex XDR Agents before setting up the Broker VM.

I want all the agents to route traffic through the Broker VM as a proxy. The Broker VM is activated and connected.

Should I uninstall the existing agents and reinstall them using the following command?

msiexec /i c:\install\cortexxdr.msi proxy_list="My.Network.Name:808,BrokerIP:8080"

Or is there an option to configure all the agents to use the Broker VM as a proxy without reinstalling them?

 

2. What will happen if an agent loses connection to the Broker VM or if the endpoint is connected to a home network? Will the agents still receive updates and policies and it will be connected?

 

Cortex XDR Cortex Data Lake Cortex XSOAR 

Cortex XDR
Thumbnail of Cortex XDR
Palo Alto Networks
Cortex XDR
Security Operations
View on Product Page
Cortex Data Lake
Thumbnail of Cortex Data Lake
Palo Alto Networks
Cortex Data Lake
Security Operations
View on Product Page
Cortex XSOAR
Thumbnail of Cortex XSOAR
Palo Alto Networks
Cortex XSOAR
Security Operations
View on Product Page
0 Likes Likes
3 REPLIES 3

I.Naseer
L1 Bithead

‎01-05-2025 10:35 AM

Hi,

 

There are 2 things in Linux:

 

1- The cortex.conf file is used during the installation of XDR Agent so, you can put the Broker VM IP Address(es) in this file before installation.

2- If you have installed the XDR Agent then update the Broker VM IP Address(es) manually:

e.g.

#cd /opt/traps/bin

#./cytool proxy set 0.0.0.0:1234

 

If you have multiple Broker VMs then use below command (Below 0.0.0.0 is the example for IP Address(es) and 1234 is the Port.)

#./cytool proxy set "0.0.0.0:1234,0.0.0.0:1234" 

 

Now verify if the Broker VM IP Address(es) has been configured successfully.

#./cytool proxy query

 

Now you should see the IP Address(es) of Broker VM. Time to restart the Services.

# systemctl restart traps_pmd.service

 

For Windows:

 

C:\Program Files\Palo Alto Networks\Traps>cytool proxy query

>cytool proxy set "0.0.0.0:1234,0.0.0.0:1234" 

>cytool runtime stop

>cytool runtime start

>cytool last_checkin

 

Time to check the XDR Portal.

 

FYI: There is no need to uninstall the Agent.

 

If above procedure works the let us know here.

 

Thank you.

 

0 Likes Likes

AAlsaadi
L0 Member
In response to I.Naseer

‎01-05-2025 11:18 AM

@I.Naseer Thank for your support.

 

1- The cortex.conf file is used during the installation of XDR Agent so, you can put the Broker VM IP Address(es) in this file before installation.

When creating the installation package, I can only select the OS type and Agent version. There is no option to include a cortex.conf file. Could you kindly explain this point in more detail? 

Note: I am using an .msi file to install the Agent.

0 Likes Likes

I.Naseer
L1 Bithead
In response to AAlsaadi

‎01-05-2025 09:41 PM

Hi,

 

For Windows there are 2 options:

 

1- During installation 

c:\Users\<username>\Downloads\msiexec /i WIN_Agent_x64.msi proxy_list="0.0.0.0:1234”

 

2- If you have already installed the agent then please go to the Portal > Select the Agent(s) > Right Click > Endpoint Control > Set Agent Proxy.

 

Also, please Cortex XSOAR and Cortex Data Lake have nothing to do with your case :). 

 

Let us know if it helps.

 

Thank you.

 

0 Likes Likes
  • 231 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks