This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

After not using a broker, the endpoints are unable to connect to the server.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

After not using a broker, the endpoints are unable to connect to the server.

Chilla
L1 Bithead

‎06-17-2023 12:58 AM - edited ‎06-18-2023 05:34 PM

Dear community,

I tried to make some agents connect directly to the server without using a broker. 

However, it's not able not connect to server.

I referred to the practices of others, and tried executing "cytool reconnect force", but still couldn't establish a connection. Because some endpoints can be successfully connected, it can be ruled out that the firewall is blocking the connection.

 

After checking the traps.log,

I noticed that the logs do not mention FQDN. Is this normal?

 

Furthermore, the broker has been confirmed to be offline, but it appears that it is still attempting to connect to the broker and showing a "connect timed out" error.

 

Upon checking the "All endpoints" section, it seems that the proxy field still contains the broker IP. Could this be related to the issue? But why is it that some endpoints can still connect directly to the server, even though the proxy field still contains a record?

 

thx for any help.

0 Likes Likes
1 REPLY 1

neelrohit
L5 Sessionator

‎06-17-2023 09:13 AM - edited ‎06-18-2023 12:46 AM

Hi @Chilla ,

 

Since this a public forum, I would recommend removing this post or sensitive information(logs) from the post. Also, I would recommend opening a support case with our support team to investigate the same. 

Also you might want to check with your network team if they have allowed cortex urls to facilitate connection without broker vm. Generally air gapped systems do not allow firewall rules to facilitate direct connections from  the endpoints to the cloud.

 

Also, even if the broker VM is down and the proxy configuration is set, the agent will first attempt communication to the cloud via broker 2 times. Upon 2 failures, it will attempt direct connection to the cloud. However, this setting can also be overidden to prevent direct communication and you might want to check if the agent settings policy configuration has direct server access disabled or not.

 

Hope this helps!

0 Likes Likes
  • 1000 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks