Configure the Broker VM

To set up the broker virtual machine (VM), you need to deploy an image created by Palo Alto Networks on your network or AWS/Azure cloud environments and activate the available applications. You can set up several broker VMs for the same tenant to support larger environments. Ensure each environment matches the necessary requirements.
Before you set up the broker VM, verify you meet the following requirements:
  • Hardware: For standard installation, use a 4-core processor, 8GB RAM, and a 512GB disk. For Agent Proxy only, you can use a 2-core processor.
    The Broker VM comes with a 512GB disk. Deploy it with thin provisioning, meaning that the hard disk can grow up to 512GB but will do so only if needed.
  • VM compatible with:
    | Image Type | Infrastructure |
    |---|---|
    | OVA | VMware ESXi 6.0 or later |
    | VMDK | |
    | VHD | Hyper-V 2012 or later |
    | VHD (Azure) | Azure |
  • Enable communication between the Broker Service, and other Palo Alto Networks services and apps. Confirm your Cortex XDR version to ensure you enable the appropriate connections.
    Required for All Cortex XDR Versions
    | FQDN, Protocol, and Port | Description |
    |---|---|
    | (Default) rolex.usg.edu, ntp2.netwrx1.com, 0.north-america.pool.ntp.org; UDP port 123 | NTP server for clock synchronization between the syslog collector and other apps and services. The broker VM provides default servers you can use, or you can define an NTP server of your choice. If you remove the default servers, and do not specify a replacement, the broker VM uses the time of the host ESX. |
    | dl.magnifier.paloaltonetworks.com; HTTPS over TCP port 443 | VM and analytics engine package upgrades. |
    | pathfinder-docker.magnifier.paloaltonetworks.com; HTTPS over TCP port 443 | VM docker images required by package upgrades. |
    | bintray-cdn.paloaltonetworks.com; HTTPS over TCP port 443 | Server used to distribute broker upgrade package. |

    Required for Cortex XDR 2.0 and later
    | FQDN, Protocol, and Port | Description |
    |---|---|
    | br-<XDR tenant>.xdr.<region>.paloaltonetworks.com; HTTPS over TCP port 443 | Broker Service server depending on the region of your deployment, either us or eu. |
    | distributions-prod-us.traps.paloaltonetworks.com; HTTPS over TCP port 443 | Information needed to communicate with your Cortex XDR tenant. Used by tenants deployed in all regions. |
  • Enable Access to Cortex XDR from the broker VM to allow communication between agents and the Cortex XDR app.
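
A pre-flight check for the connectivity requirements above, as an added example that is not part of the original Palo Alto Networks documentation: it builds the destination list from the table for a given tenant and region and reports which HTTPS endpoints cannot be reached from the network segment where the broker VM will run. The tenant name acme, the function names, and the lowercase DNS-label rule applied to tenant names are assumptions made for the example.

```python
import re
import socket

# Hosts and ports copied from the communication table on this page.
COMMON_TCP_443 = [
    "dl.magnifier.paloaltonetworks.com",
    "pathfinder-docker.magnifier.paloaltonetworks.com",
    "bintray-cdn.paloaltonetworks.com",
]
XDR_2_0_TCP_443 = ["distributions-prod-us.traps.paloaltonetworks.com"]
DEFAULT_NTP_UDP_123 = [
    "rolex.usg.edu",
    "ntp2.netwrx1.com",
    "0.north-america.pool.ntp.org",
]
REGIONS = {"us", "eu"}  # the only regions the page names


def required_endpoints(tenant, region, ntp_servers=None):
    """Return sorted (host, proto, port) tuples the broker VM must reach."""
    if region not in REGIONS:
        raise ValueError(f"region must be one of {sorted(REGIONS)}")
    # Assumption: the tenant is a lowercase DNS label; "br-" + tenant <= 63 chars.
    if not re.fullmatch(r"[a-z0-9]([a-z0-9-]{0,58}[a-z0-9])?", tenant):
        raise ValueError("tenant is not a valid DNS label")
    broker = f"br-{tenant}.xdr.{region}.paloaltonetworks.com"
    tcp = COMMON_TCP_443 + XDR_2_0_TCP_443 + [broker]
    ntp = DEFAULT_NTP_UDP_123 if ntp_servers is None else ntp_servers
    return sorted([(h, "tcp", 443) for h in tcp] + [(h, "udp", 123) for h in ntp])


def unreachable_tcp(endpoints, connect=socket.create_connection, timeout=5):
    """Try a TCP handshake to each tcp endpoint; return the ones that fail."""
    failed = []
    for host, proto, port in endpoints:
        if proto != "tcp":
            continue  # a UDP send cannot prove that an NTP server answered
        try:
            connect((host, port), timeout=timeout).close()
        except OSError as exc:  # covers DNS failure, refusal, and timeout
            failed.append((host, port, str(exc)))
    return failed


if __name__ == "__main__":
    # "acme" is a constructed tenant name; substitute your own.
    for host, port, err in unreachable_tcp(required_endpoints("acme", "us")):
        print(f"BLOCKED {host}:{port} ({err})")
```

If the broker VM will use the optional proxy server, run the check from a host that shares its egress path, because a direct TCP handshake does not exercise the proxy.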
Configure your broker VM as follows:
  1. In Cortex XDR, select the gear icon, then Settings > Broker > VMs.
  2. Download and install one of the following broker images:
    • OVA
    • VHD
    • VHD (Azure): Cortex XDR supports Azure compatible VM.
    • VMDK: Convert Cortex XDR VMDK image to Amazon Web Services AMI.
  3. Generate Token and copy it to your clipboard.
    The token is valid only for 24 hours. A new token is generated each time you select Generate Token.
  4. Navigate to https://<broker_vm_ip_address>/.
  5. Log in with the password !nitialPassw0rd and then define your own unique password.
    The password must contain a minimum of eight characters, contain letters and numbers, and at least one capital letter and one special character.
  6. Configure your broker VM settings:
    1. In the Network Interface section, review the pre-configured Name, IP address, and MAC Address, select the Address Allocation: DHCP (default) or Static, and select either to Disable the network address or to set it as Admin for the broker VM web interface.
      • If you choose Static, define the following and Save your configurations:
        • Static IP address
        • Netmask
        • Default Gateway
        • DNS Server
    2. (Optional) Configure a Proxy Server.
      • Select the proxy Type: HTTP, SOCKS4, or SOCKS5.
      • Enter the proxy Address, Port, and an optional User and Password. Select the pencil icon to enter the password.
      • Save your configurations.
    3. (Requires Broker VM 8.0 and later) (Optional) In the NTP section, configure your NTP servers.
      Enter the server addresses according to the information detailed in the communication requirements table above. You can enter a server address or IP address.
    4. (Requires Broker VM 8.0 and later) (Optional) In the SSH Access section, Enable or Disable SSH connections to the broker VM. SSH access is authenticated using a public key, provided by the user. Using a public key grants remote access to colleagues and Cortex XDR support who have the private key. You must have App Administrator role permissions to configure SSH access.
      To enable connection, generate an RSA key pair, enter the public key in the SSH Public Key section, and Save your configuration.
    5. (Requires Broker VM 8.0 and later) (Optional) Collect and Download Logs. Your XDR logs will download automatically after approximately 30 seconds.
  7. Register and enter your unique Token, created in the Cortex XDR console.
    Registration of the Broker VM can take up to 30 seconds.
    After a successful registration, a registered notification will appear.
    You are directed to Settings > Broker > VMs in Cortex XDR (under the gear icon). The Broker VMs page displays your broker VM details and allows you to edit the defined configurations.
