1. Home
    2. Cortex
    3. Cortex XDR
    4. Cortex XDR™ Pro Administrator’s Guide
    5. Broker VM
    6. Set up Broker VM
    7. Configure the Broker VM

    Configure the Broker VM

    Configure any Cortex® XDR™ broker virtual machine (VM) as necessary.
    To set up the broker virtual machine (VM), you need to deploy an image created by Palo Alto Networks on your network or supported cloud infrastructure and activate the available applications. You can set up several broker VMs for the same tenant to support larger environments. Ensure each environment matches the necessary requirements.
    Before you set up the broker VM, verify you meet the following requirements:
    • Hardware: For standard installation, use a minimum of a 4-core processor, 8GB RAM, and 512GB disk. If you only intend to use the broker VM for agent proxy, you can use a 2-core processor. If you intend to use the broker VM for agent installer and content caching, you must use an 8-core processor.
      The broker VM comes with a 512GB disk. Therefore, deploy the broker VM with thin provisioning, meaning the hard disk can grow up to 512GB but will do so only if needed.
    • Bandwidth is higher than 10mbit/s.
    • VM compatible with:
      Infrastructure
      Image Type
      Additional Requirements
      Amazon Web Services (AWS)
      VMDK
      Google Cloud Platform
      VDMK
      QCOW2
      VDMK
      Microsoft Azure
      VHD (Azure)
      Microsoft Hyper-V 2012
      VHD
      Hyper-V 2012 or later
      VMware ESXi
      OVA
      VMware ESXi 6.0 or later
    • Enable communication between the Broker Service, and other Palo Alto Networks services and apps.
      FQDN, Protocol, and Port
      Description
      (
      Default
      )
      • time.google.com
      • pool.ntp.org
      UDP port 123
      NTP server for clock synchronization between the syslog collector and other apps and services. The broker VM provides default servers you can use, or you can define an NTP server of your choice. If you remove the default servers, and do not specify a replacement, the broker VM uses the time of the host ESX.
      br-
      <XDR tenant>
      .xdr.us.paloaltonetworks.com
      HTTPS over TCP port 443
      Broker Service server depending on the region of your deployment, either
      us
       or
      eu
      .
      distributions-prod-us.traps.paloaltonetworks.com
      HTTPS over TCP port 443
      Information needed to communicate with your Cortex XDR tenant. Used by tenants deployed in all regions.
    • Enable Access to Cortex® XDR™ from the broker VM to allow communication between agents and the Cortex XDR app.
      You must also add the Broker Service FQDNs to the SSL Decryption Exclusion list on your Palo Alto Networks firewalls. If you are using self-signed certificate authority, make sure configure
      cert_ssl-decrypt.crt
       on the broker.
    Configure your broker VM as follows:
    1. In Cortex XDR, select
      Settings ( )
      Configurations
      Broker VM
      .
    2. Download
       and install the broker VM images for your corresponding infrastructure:
    3. Generate Token
       and copy to your clipboard.
      The token is valid only for 24 hours. A new token is generated each time you select
      Generate Token
      .
    4. Navigate to
      https://<broker_vm_ip_address>/
      .
    5. Log in with the default password
      !nitialPassw0rd
       and then define your own unique password.
      The password must contain a minimum of eight characters, contain letters and numbers, and at least one capital letter and one special character.
    6. Configure your broker VM settings:
      1. In the
        Network Interface
         section, review the pre-configured
        Name
        ,
        IP
         address, and
        MAC Address
        , select the
        Address Allocation
        :
        DHCP
         (default) or
        Static
        , and select to either to
        Disable
         or set as
        Admin
         the network address as the broker VM web interface.
        • If you choose
          Static
          , define the following and
          Save
           your configurations:
          • Static
            IP
             address
          • Netmask
          • Default Gateway
          • DNS Server
      2. (
        Optional
        ) Configure a
        Proxy Server
        .
        • Select the proxy
          Type
          :
          HTTP
          ,
          SOCKS4
           or
          SOCKS5
        • Enter the proxy
          Address
          ,
          Port
           and an optional
          User
           and
          Password
          . Select the pencil icon to enter the password.
        • Save
           your configurations.
      3. (
        Optional
        ) (
        Requires Broker VM 8.0 and later
        ) Configure your
        NTP
         servers.
        Enter the required server addresses using the FQDN or IP address of the server.
      4. (
        Requires Broker VM 8.0 and later
        ) (
        Optional
        ) In the
        SSH Access
         section,
        Enable
         or
        Disable
         SSH connections to the broker VM. SSH access is authenticated using a public key, provided by the user. Using a public key grants remote access to colleagues and Cortex XDR support who the private key. You must have Instance Administrator role permissions to configure SSH access.
        To enable connection, generate an RSA Key Pair, enter the public key in the
        SSH Public Key
         section and
        Save
         your configuration.
      5. (
        Requires Broker VM 10.1.9 and later
        ) (
        Optional
        ) In the
        SSL Certificates
         section, upload your signed server certificate and key to establish a validated secure SSL connection between your endpoints and the broker VM. Cortex XDR validates that the certificate and key match, but does not validate the Certificate Authority (CA).
        The Palo Alto Networks Broker supports only strong cipher SHA256-based certificates. MD5/SHA1-based certificates are not supported.
      6. In the
        Trusted CA Certificate
         section, upload your signed Certificate Authority (CA) certificate or Certificate Authority chain file in a PEM format. Configuring a trusted CA certificate is useful when the Broker VM communication with Cortex XDR is inspected by an SSL decrypting device. For example, when configuring Palo Alto Networks NGFW to decrypt SSL using a self-signed certificate. To ensure the broker can validate a self-signed CA, configure
        cert_ssl-decrypt.crt
         on the broker vm.
      7. (
        Requires Broker VM 8.0 and later
        ) (
        Optional
        ) Collect and
        Download Logs
        . Your XDR logs will download automatically after approximately 30 seconds.
    7. Register
       and enter your unique
      Token
      , created in Cortex XDR console.
      Registration of the Broker VM can take up to 30 seconds.
      After a successful registration, Cortex XDR displays a notification.
      You are directed in Cortex XDR to
      Settings ( )
      Configurations
      Broker VM
      . The
      Broker VMs
       page displays your broker VM details and allows you to edit the defined configurations.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo