Edit Your Broker VM Configuration

From the Cortex® XDR™ management console you can edit the configuration of any broker VM as needed.
After configuring and registering your broker VM, select
Settings ( )
Configurations
Broker VM
to edit existing configurations and define additional settings.
  1. In the
    Broker VMs
    table, locate your broker VM, right-click and select
    Broker Management
    Configure
    .
    If the broker VM is disconnected, you can only
    View
    the configurations.
  2. In the
    Broker VM Configurations
    window, define the following settings:
    • Edit the exiting
      Network Interfaces
      ,
      Proxy Server
      ,
      NTP Server
      , and
      SSH Access
      configurations.
    • (
      Requires Broker VM 8.0 and later
      )
      Device Name
      .
      -
      Device Name
      —Change the name of your broker VM device name by selecting the pencil icon. The new name will appear in the Broker VMs table.
      -
      FQDN
      —Set your
      Broker VM FQDN
      as it will be defined in your Domain Name System (DNS). This enables connection between the WEF and WEC, acting as the subscription manager. The
      Broker VM FQDN
      settings affect the WEC and Agent Installer and Content Caching.
    • (
      Requires Broker VM 8.0 and later
      ) (
      Optional
      )
      Internal Network
      Specify a network subnet to avoid the broker VM dockers colliding with your internal network. By default, the
      Network Subnet
      is set to
      172.17.0.1/16
      .
      Internal IP must be:
      • Formatted as
        prefix/mask
        , for example
        192.0.2.1/24
        .
      • Must be within
        /8
        to
        /24
        range.
      • Cannot be configured to end with a zero.
      For Broker VM version 9.0 and lower, Cortex XDR will accept only
      172.17.0.0/16
      .
    • Auto Upgrade
      Enable
      or
      Disable
      automatic upgrade of the broker VM. By default, auto upgrade is enabled at
      Any
      time for all
      7 days
      of the week, but you can also set the
      Days in Week
      and
      Specific
      time for the automatic upgrades. If you disable auto-upgrade, new features and improvements will require manual upgrade.
    • Monitoring
      Enable
      or
      Disable
      of local monitoring of the broker VM usage statistics in Prometheus metrics format, allowing you to tap in and export data by navigating to
      http://<broker_vm_address>:9100/metrics/
      . By default, monitoring your broker VM is disabled.
    • (
      Optional
      )
      SSH Access
      • (
        For Broker VM 7.4.5 and earlier
        )
        Enable/Disable ssh
        Palo Alto Networks support team SSH access by using a Cortex XDR token.
        Enabling allows Palo Alto Networks support team to connect to the broker VM remotely, not the customer, with the generated password. Ensure the broker can validate a self-signed CA configuring
        cert_ssl-decrypt.crt
        on the broker VM.
        Make sure you save the password before closing the window. The only way to re-generate a password is to disable ssh and re-enable.
      • (
        Requires Broker VM 14.0.42 and later
        ) Customize the login banner displayed, when logging into SSH sessions on the broker VM in the
        Welcome Message
        field by overwriting the default welcome message with a new one added in the field. When the field is empty, the default message is used.
    • Broker UI Password
      Reset your current Broker VM Web UI password.
      Define
      and
      Confirm
      your new password. Password must be at least 8 characters.
  3. Save
    your changes.

Recommended For You