Telemetry Agent Frequently Asked Questions

Printer Friendly Page


How do I participate in the Telemetry Agent program?


You can register at:

Complete the form and get access to the following:

  • Credentials to the private container registry (Telemetry Agent software)
  • Secure token for communication between the Telemetry Agent and receiver
  • Docker Compose YAML file
  • Docker Compose .env file (contains the required environmental variables for Docker Compose)

Please download the Telemetry Agent QuickStart Guide, which will walk you through the entire process.



Where do I go if I need help or want to provide feedback regarding the Telemetry Agent?


Please open a case with Customer Support if you need help with the Telemetry Agent.  To provide general feedback, send email to



 What are the minimum system requirements for the Telemetry Agent? 



  • Docker version 19.03.0 or above
  • Docker Compose version 1.25.0 or above

OS (Operating Systems) supported

Compute resources

  • 4 Cores
  • 4GB Memory
  • 50GB Storage

Network Connectivity

  • SSH and HTTPS connectivity to registered devices and HTTPS connectivity cloud receiver


  • Up to 250 registered devices (This includes Panorama and NGFWs)
  • One Telemetry Agent per physical location is recommended where possible to limit devices per agent
  • Scaling beyond 250 devices per agent is possible (by adding compute resources), but has not been tested in this release


My system has a previous installation of docker and docker-compose which does not appear to be compatible with the instructions in the QuickStart Guide. What should I do?


The instructions provided in the QuickStart Guide assume a new VM or physical machine installation. The Telemetry Agent system requirements do not take into account any additional software running on the machine.



I have SSL decryption between my Telemetry Agent machine and the Internet. When I attempt to run the command: "curl -fsSL -o" as outlined in the Docker Linux 'convenience script' guide I get an SSL error and it doesn't work. What should I do?


Curl has a command line option which allows for ignorning SSL errors "-k". Just add "-k" to the curl command options list and it should work. e.g. "curl -kfsSL -o"



While running the Docker installation command for the Telemetry Agent, I get an error stating that a process can't start because the requested port has a conflict (already in use, reserved or not authorized). What should I do?


The instructions provided in the QuickStart Guide assume a new VM or physical machine installation. The Telemetry Agent system requirements do not take into account any additional software running on the machine. You will need to stop or remove the software causing the conflict.  You may also modify the docker-compose.yml file to change port usage (this is covered in another Q/A).



When I register for the Beta program at the telemetry portal, I only get one "Secure Token". What if I need or want to use more than one agent?


The "Secure Token" is tied to your identity and each user who registers is allowed one token. You may use that same token on as many Telemetry Agents as you like.



What data does the Telemetry Agent collect?


Bundled log files, configuration files and other data used to help Palo Alto Networks Support Diagnose issues with a device and/or product.
Configuration, device hardware and software metrics used to measure usage against published limits and provide situational awareness to known issues.
Includes threat prevention reports which increase visibility into security posture.
Configuration logs allow for correlation between device health or security posture, and configuration changes to the device.


All of these categories are configurable globally (opt-in/opt-out) in the agent UI under Configuration->Telemetry.



What if I want the Telemetry Agent interface to run on a port other than 443? What can I do?


The docker-compose.yaml file which came in the "Installation Bundle" can be modified to accommodate this. Open the docker-compose.yaml file in a plain text editor and modify the following section.  In this example we have changed port 80 to 8080 and port 443 to 4443:


   container_name: telemetry_agent_proxy


   restart: always


      - '8080:80'

      - '4443:443'


      - 'telemetry_agent_static:/static:ro'

      - www:/var/www:ro

      - proxy_certs:/certs


      - app


Once you have made the changes, save the file refresh the agent with the following command:


docker-compose -p agent up -d


That's it! You should now be able to reach the Telemetry Agent UI on port 4443 or port 8080 (which will be redirected to port 4443). e.g.


Where can I view the data collected by the Telemetry Agent Beta?


The Telemetry Agent is a data acquisition mechanism, and not meant to surface data or insights derived from that data.  Device Insights, available soon in the Cortex Hub will be the location for visualizing telemetry data.

Participation in the Telemetry Agent beta program prior to the availability of Device Insights will establish a foundation of data upon which insights can be delivered at first login to Device Insights.  In addition to building this data foundation, we have included Technical Support File (TSF) collection in the agent.  This feature will help to provide the data necessary for Palo Alto Networks Support and Services to better serve you in the event you need help.



Does the Telemetry Agent support IPv6?


The Telemetry Agent does not currently support IPv6, however, it is a feature we will be adding in the near future.

Tags (1)
Ask Questions Get Answers Join the Live Community
Version history
Revision #:
21 of 21
Last update:
‎08-14-2020 01:55 PM
Updated by: