Configure the Broker VM
Configure any Cortex® XDR™ broker virtual machine (VM) as necessary.
To set up the broker virtual machine (VM), you need to deploy an image created by Palo Alto Networks on your network or supported cloud infrastructure and activate the available applications. You can set up several broker VMs for the same tenant to support larger environments. Ensure each environment matches the necessary requirements.
Before you set up the broker VM, verify you meet the following requirements:
- Hardware: For standard installation, use a minimum of a 4-core processor, 8GB RAM, and 512GB disk. If you only intend to use the broker VM for agent proxy, you can use a 2-core processor. If you intend to use the broker VM for agent installer and content caching, you must use an 8-core processor.
- Bandwidth is higher than 10mbit/s.
- VM compatible with:InfrastructureImage TypeAdditional RequirementsAmazon Web Services (AWS)VMDKGoogle Cloud PlatformVMDKMicrosoft AzureVHD (Azure)Microsoft Hyper-V 2012VHDHyper-V 2012 or laterAlibaba CloudQCOW2Nutanix HypervisorQCOW2Create a Broker VM Image for a Nutanix HypervisorNutanix AHV 2021UbuntuQCOW2Create a Broker VM Image for UbuntuVersion 18.04VMware ESXiOVAVMware ESXi 6.0 or later
- Enable communication between the Broker Service, and other Palo Alto Networks services and apps.FQDN, Protocol, and PortDescription(Default)
UDP port 123NTP server for clock synchronization between the syslog collector and other apps and services. The broker VM provides default servers you can use, or you can define an NTP server of your choice. If you remove the default servers, and do not specify a replacement, the broker VM uses the time of the host ESX.br-<XDR tenant>.xdr.<region>.paloaltonetworks.comHTTPS over TCP port 443Broker Service server depending on the region of your deployment, such asusoreu.distributions-prod-us.traps.paloaltonetworks.comHTTPS over TCP port 443Information needed to communicate with your Cortex XDR tenant. Used by tenants deployed in all regions.
- Enable Access to Cortex® XDR™ from the broker VM to allow communication between agents and the Cortex XDR app.You must also add the Broker Service FQDNs to the SSL Decryption Exclusion list on your Palo Alto Networks firewalls. If you are using self-signed certificate authority, make sure configurecert_ssl-decrypt.crton the broker.
Configure your broker VM as follows:
- In Cortex XDR, select.Settings ( )ConfigurationsBroker VM
- Downloadand install the broker VM images for your corresponding infrastructure:
- Microsoft Hyper-V—Use theVHDimage.
- VMware ESXi—Use theOVAimage.
- Generate Tokenand copy to your clipboard.The token is valid only for 24 hours. A new token is generated each time you selectGenerate Token.
- Navigate tohttps://<broker_vm_ip_address>/.
- Log in with the default password!nitialPassw0rdand then define your own unique password.The password must contain a minimum of eight characters, contain letters and numbers, and at least one capital letter and one special character.
- Configure your broker VM settings:
- In theNetwork Interfacesection, review the pre-configuredName,IPaddress, andMAC Address, select theAddress Allocation:DHCP(default) orStatic, and select to either toDisableor set asAdminthe network address as the broker VM web interface.
- If you chooseStatic, define the following andSaveyour configurations:
- Default Gateway
- DNS Server
- (Requires Broker VM 14.0.42 and later) (Optional)Internal NetworkSpecify a network subnet to avoid the broker VM dockers colliding with your internal network. By default, theNetwork Subnetis set to172.17.0.1/16.Internal IP must be:
For Broker VM version 9.0 and lower, Cortex XDR will accept only172.17.0.0/16.
- Formatted asprefix/mask, for example192.0.2.1/24.
- Must be within/8to/24range.
- Cannot be configured to end with a zero.
- (Optional) Configure aProxy Server.
- Select the proxyType:HTTP,SOCKS4orSOCKS5
- Enter the proxyAddress,Portand an optionalUserandPassword. Select the pencil icon to enter the password.
- Saveyour configurations.
- (Optional) (Requires Broker VM 8.0 and later) Configure yourNTPservers.
- (Requires Broker VM 8.0 and later) (Optional) In theSSH Accesssection,EnableorDisableSSH connections to the broker VM. SSH access is authenticated using a public key, provided by the user. Using a public key grants remote access to colleagues and Cortex XDR support who the private key. You must have Instance Administrator role permissions to configure SSH access.To enable connection, generate an RSA Key Pair, enter the public key in theSSH Public Keysection. Once one SSH public key is added, you can+Add Another. When you are finished,Saveyour configuration.When using PuTTYgen to create your public and private key pairs, you need to copy the public key generated in thePublic key for pasting into OpenSSH authorized_keys filebox, and paste it in the broker VMSSH Public Keysection as explained above. This public key is only available when the PuTTYgen console is open after the public key is generated. If you close the PuTTYgen console before pasting the public key, you will need to generate a new public key.
- (Requires Broker VM 10.1.9 and later) (Optional) In theSSL Certificatessection, upload your signed server certificate and key to establish a validated secure SSL connection between your endpoints and the broker VM. Cortex XDR validates that the certificate and key match, but does not validate the Certificate Authority (CA).The Palo Alto Networks Broker supports only strong cipher SHA256-based certificates. MD5/SHA1-based certificates are not supported.
- In theTrusted CA Certificatesection, upload your signed Certificate Authority (CA) certificate or Certificate Authority chain file in a PEM format. Configuring a trusted CA certificate is useful when the Broker VM communication with Cortex XDR is inspected by an SSL decrypting device. For example, when configuring Palo Alto Networks NGFW to decrypt SSL using a self-signed certificate. To ensure the broker can validate a self-signed CA, configurecert_ssl-decrypt.crton the broker vm.
- (Requires Broker VM 8.0 and later) (Optional) Collect andDownload Logs. Your XDR logs will download automatically after approximately 30 seconds.
- Registerand enter your uniqueToken, created in Cortex XDR console.Registration of the Broker VM can take up to 30 seconds.You are directed in Cortex XDR toAfter a successful registration, Cortex XDR displays a notification.. TheSettings ( )ConfigurationsBroker VMBroker VMspage displays your broker VM details and allows you to edit the defined configurations.
Recommended For You
Recommended videos not found.