Activate the Local Agent Settings
From the Cortex® XDR™ management console, you can activate or deactivate your local agent collector application.
The Local Agent Settings applet on the Palo Alto Networks Broker VM enables you to:
- Deploy the Broker VM proxy—To deploy Cortex XDR in restricted networks where endpoints do not have a direct connection to the Internet, setup the Broker VM to act as a proxy that routes all the traffic between the Cortex XDR management server and Cortex XDR agents via a centralized and controlled access point. This enables your agents to receive security policy updates, and send logs and files to Cortex XDR without a direct connection. Additionally, with the Broker VM endpoints agents are able to connect to the internet.
- Enable Broker caching—To reduce your external network bandwidth loads, you can cache Cortex XDR agent installations, upgrades, and content updates on your Cortex XDR Broker VM. The Broker VM retrieves from Cortex XDR the latest installers and content files every 15 minutes and stores them for a 30-days retention period since an agent last asked for them. If the files were not available on the Broker VM at the time of the ask, the agent proceeds to download the files directly from the Cortex XDR server. If asked by an agent, the Broker VM can also cache a specific installer that is not on the list of latest installers.
The following are prerequisites and limitations for the Local Agent Settings applet:
Each local setting on the broker VM can support up to 10,000 agents.
Agent Installer and Content Caching
After you configured and registered your Palo Alto Networks Broker VM, proceed to setup you Local Agent Settings applet.
- In Cortex XDR, settingsand locate your broker VM.Cortex XDRSettings ( )ConfigurationsBroker VM
- (Optional) To setup the Agent Proxy:
- Right-click the broker, select.Broker ManagementConfigure
- From, right-click the broker again and selectBroker ManagementConfigure.Local Agent SettingsActivate
- In theLocal Agent Settingsconfiguration, enableAgent Proxy. You can also specify theAgent Proxy Listening Interface.When you install your Cortex XDR agents, you must configure the IP address of the broker VM and a port number during the installation. You can use the default 8888 port or set a custom port. You are not permitted to configure port numbers between 0-1024 and 63000-65000, or port numbers 4369, 5671, 5672, 5986, 6379, 8000, 9100, 15672, 25672. Additionally, you are not permitted to reuse port numbers you already assigned to the Syslog Collector applet.
- (Optional) To setup up Agent Installer and Content Caching:
- Ensure you uploaded your SHA256-based certificates.
- Specify the Broker VM FQDN.Right-click the broker, select. UnderBroker ManagementConfigureDevice Name, enter your Broker VMFQDN. This FQDN record must be configured in your local DNS server.
- Activate the Local Agent Settings applet on the Broker.From, right-click the broker again, and selectBroker ManagementConfigureLocal Agent SettingsActivate
- Activate installer and content caching.In theLocal Agent Settingsconfiguration, enableAgent Installer and Content Caching.
- To enable agents to start using broker caching, you must add the Broker VM as a download source in your Agent Settings profile and select which brokers to use, as described in Add a New Agent Settings Profile. Then, ensure the profile is associated with a policy for your target agents.
- After a successful activation, theAppsfield displaysLocal Agent Settings - Active. Hover over it to view the applet status and resource usage.
- Manage the local agent settings. After the local agent settings have been activated, right-click you broker VM:
- To change your settings, click.Local Agent SettingsConfigure
- To disable the local agent settings altogether, click.Local Agent SettingsDeactivate
Recommended For You
Recommended videos not found.