To set up the broker virtual machine (VM), you
need to deploy an image created by Palo Alto Networks on your network
or supported cloud infrastructure and activate the available applications.
You can set up several broker VMs for the same tenant to support
larger environments. Ensure each environment matches the necessary
requirements.
Before you set up the broker VM, verify you
meet the following requirements:
Hardware:
For standard installation, use a minimum of a 4-core processor,
8GB RAM, and 512GB disk. If you only intend to use the broker VM
for agent proxy, you can use a 2-core processor.
The broker VM comes with a 512GB disk. Therefore, deploy the broker VM with thin provisioning, meaning the hard disk can grow up to 512GB but will do so only if needed.
Enable communication between the Broker Service and other
Palo Alto Networks services and apps.
| FQDN, Protocol, and Port | Description |
| --- | --- |
| (Default) rolex.usg.edu, ntp2.netwrx1.com, 0.north-america.pool.ntp.org; UDP port 123 | NTP server for clock synchronization between the syslog collector and other apps and services. The broker VM provides default servers you can use, or you can define an NTP server of your choice. If you remove the default servers, and do not specify a replacement, the broker VM uses the time of the host ESX. |
| br-<XDR tenant>.xdr.<region>.paloaltonetworks.com; HTTPS over TCP port 443 | Broker Service server depending on the region of your deployment, either us or eu. |
| distributions-prod-us.traps.paloaltonetworks.com; HTTPS over TCP port 443 | Information needed to communicate with your Cortex XDR tenant. Used by tenants deployed in all regions. |
Enable Access to Cortex XDR from the broker
VM to allow communication between agents and the Cortex XDR app.
Configure your broker VM as follows:
In Cortex XDR, select Settings > Broker VMs.
Download and install the broker VM images for your corresponding infrastructure:
SSH connections to the broker VM. SSH access is authenticated using a public key, provided by the user. Using a public key grants remote access to colleagues and Cortex XDR support who have the private key. You must have App Administrator role permissions to configure SSH access.
To enable connection, generate an RSA key pair, enter the public key in the SSH Public Key section, and Save your configuration.
(Requires Broker VM 10.1.9 and later) (Optional) In the SSL Certificates section, upload your signed server certificate and key to establish a validated secure SSL connection between your endpoints and the broker VM. Cortex XDR validates that the certificate and key match, but does not validate the Certificate Authority.
(Requires Broker VM 8.0 and later) (Optional) Collect and Download Logs. Your XDR logs will download automatically after approximately 30 seconds.
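
Because Cortex XDR only confirms that the uploaded certificate and key match and does not validate the Certificate Authority, the chain and expiry checks are worth running yourself before using the SSL Certificates section. The following is an added example, not part of the Palo Alto Networks documentation; the function names, file paths, and the constructed demo CA are assumptions, and it requires the openssl command-line tool.

```shell
#!/bin/sh
# Pre-upload checks for a broker VM server certificate (added example).
# Assumption: the caller supplies the certificate, key and CA bundle paths.

# Print the public key (SubjectPublicKeyInfo PEM) of a certificate / private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }
key_pubkey()  { openssl pkey -in "$1" -pubout; }

# 0 if the private key belongs to the certificate (the check Cortex XDR performs).
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ "$c" = "$k" ]
}

# 0 if the certificate chains to a CA bundle you trust (the check it does not perform).
cert_chains_to_ca() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# 0 if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Run all three checks, print one line per result, return non-zero if any fails.
preflight() {  # usage: preflight server.crt server.key ca-bundle.crt
    rc=0
    cert_matches_key "$1" "$2"  && echo "OK   key matches certificate" || { echo "FAIL key does not match certificate"; rc=1; }
    cert_chains_to_ca "$1" "$3" && echo "OK   chain verifies against $3" || { echo "FAIL chain does not verify against $3"; rc=1; }
    cert_valid_for_days "$1" 30 && echo "OK   valid for 30+ days" || { echo "FAIL expires within 30 days"; rc=1; }
    return $rc
}

# Constructed throwaway CA, server certificate and unrelated key for offline trials.
make_demo_pki() {  # usage: make_demo_pki DIR
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.crt" \
        -subj "/CN=Constructed Demo CA" -days 90 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout "$d/server.key" -out "$d/server.csr" \
        -subj "/CN=broker.example.internal" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/server.crt" -days 60 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/other.key" 2>/dev/null
}
```

Source the file and run `preflight server.crt server.key ca-bundle.crt` against the files you intend to upload; `make_demo_pki` is only for trying the checks without real key material.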