To set up the broker virtual machine (VM), you
need to deploy an image created by Palo Alto Networks on your network
or AWS/Azure cloud environments and activate the available applications.
You can set up several broker VMs for the same tenant to support
larger environments. Ensure each environment matches the necessary
requirements.
Before you set up the broker VM, verify you
meet the following requirements:
Hardware:
For standard installation use 4-core processor, 8GB RAM, 512GB disk.
For Agent Proxy only, you can use 2-core processor.
The
Broker VM comes with 512GB, you should deploy
thin provisioning
,
meaning that the hard disk can grow up to 512GB but will do so only
if needed.
Enable communication between the Broker Service, and other
Palo Alto Networks services and apps. Confirm your Cortex
XDR version to ensure you enable the appropriate connections.
FQDN, Protocol, and Port
Description
Required for All Cortex
XDR Versions
(
Default
)
rolex.usg.edu
ntp2.netwrx1.com
0.north-america.pool.ntp.org
UDP
port 123
NTP server for clock synchronization between the
syslog collector and other apps and services. The broker VM provides
default servers you can use, or you can define an
NTP server of your choice. If you remove the default servers, and do
not specify a replacement, the broker VM uses the time of the host
ESX.
dl.magnifier.paloaltonetworks.com
HTTPS
over TCP port 443
VM and analytics engine package upgrades.
pathfinder-docker.magnifier.paloaltonetworks.com
HTTPS
over TCP port 443
VM docker images required by package upgrades.
bintray-cdn.paloaltonetworks.com
HTTPS
over TCP port 443
Server used to distribute broker upgrade package.
Required for Cortex XDR
2.0 and later
br-
<XDR tenant>
.xdr.
<region>
.paloaltonetworks.com
HTTPS
over TCP port 443
Broker Service server depending on the region of
your deployment, either
us
or
eu
.
distributions-prod-us.traps.paloaltonetworks.com
HTTPS
over TCP port 443
Information needed to communicate with your Cortex
XDR tenant. Used by tenants deployed in all regions.
Enable Access to Cortex XDR from the broker
VM to allow communication between agents and the Cortex XDR app.
—Convert Cortex
XDR VMDK image to Amazon Web Services AMI.
Generate
Token
and copy to your clipboard.
The
token is valid only for 24 hours. A new token is generated each
time you select
Generate Token
.
Navigate to
https://<broker_vm_ip_address>/
.
Log in with the password
!nitialPassw0rd
and
then define your own unique password.
The
password must contain a minimum of eight characters, contain letters
and numbers, and at least one capital letter and one special character.
Configure your broker VM settings:
In the
Network Interface
section,
review the pre-configured
Name
,
IP
address,
and
MAC Address
, select the
Address
Allocation
:
DHCP
(default) or
Static
,
and select to either to
Disable
or set as
Admin
the
network address as the broker VM web interface.
If you choose
Static
, define
the following and
Save
your configurations:
Static
IP
address
Netmask
Default Gateway
DNS Server
(
Optional
) Configure a
Proxy Server
.
Select the proxy
Type
:
HTTP
,
SOCKS4
or
SOCKS5
Enter the proxy
Address
,
Port
and
an optional
User
and
Password
.
Select the pencil icon to enter the password.
Save
your configurations.
(
Requires
Broker VM 8.0 and later
) (
Optional
) In the
NTP
section,
configure your NTP servers.
Enter the server addresses according to the information
detailed in the grant communications
table. You can enter a server address or IP address.
(
Requires Broker VM 8.0 and later
) (
Optional
)
In the
SSH Access
section,
Enable
or
Disable
SSH
connections to the broker VM. SSH access is authenticated using
a public key, provided by the user. Using a public key grants remote
access to colleagues and Cortex XDR support who the private key.
You must have
App Administrator
role permissions to
configure SSH access.
To enable connection, generate an RSA Key Pair, enter the
public key in the
SSH Public Key
section
and
Save
your configuration.
(
Requires Broker VM 8.0 and later
) (
Optional
)
Collect and
Download Logs
. Your XDR logs
will download automatically after approximately 30 seconds.
SettingsBrokerVMs
The token is valid only for 24 hours. A new token is generated each time you selectGenerate Token.
The password must contain a minimum of eight characters, contain letters and numbers, and at least one capital letter and one special character.
Registration of the Broker VM can take up to 30 seconds.After a successful registration, a registered notification will appear.
. TheCortex XDR