ESM Server Software Requirements
In a Multi-ESM Server deployment you can deploy multiple ESM Servers to support the agents in your organization. Each ESM Server supports up to 30,000 agents for a total number of 150,000 agents per database. While you can deploy as many ESM Servers as you want, you cannot exceed the total number of supported agents for the database.
Before installing ESM Server software, make sure that the server meets the following prerequisites:
- ESM Server and ESM Console running the same version.
- ESM Server hostname of 15 or fewer characters
- Ensure that the round-trip communication time between the ESM Server and the database is less than 80 ms.
- .NET Framework 4.5.1 Full
- SSL certificate from a trusted certificate authority (CA) with server authentication and client authentication (recommended)
- Allow communication on the TCP port from clients to server (the default is port 2125)
- For automated content updates, enable SSL/TLS 1.2 communication between the ESM Server and the followings sites on port 443:
- Forensic folder with BITS enabled
- Internet Information Services (IIS) 7.0 or above with ASP.NET and Static Content Compressions components
- English- or Japanese-language version of a physical or virtual Windows Server. To determine which versions of Windows Server are supported, refer to Where Can I Install the Endpoint Security Manager(ESM)? in the Palo Alto Networks® Compatibility Matrix.
- Communication between the ESM Server and the agents is based on Windows Communication Foundation (WCF) client with a TLS/SSL version which is dependent on the version of the Traps agent and the operating system.
- Traps 4.0 and 4.1 releases on Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008—TLS/SSL 1.0
- Traps 4.0 and 4.1 releases on all other operating systems—TLS/SSL 1.2
- Traps 3.4 releases—TLS/SSL 1.0
- For ESM Server hardware requirements, see Distributed Endpoint Security Manager Hardware Requirements
Upgrade Considerations The following table lists the new features that have upgrade or downgrade impact. Before you upgrade ESM components to or downgrade from release ...
Upgrade to Traps 4.1
Upgrade to Traps 4.1 The Traps™ 4.1 release comprises the Endpoint Security Manager (ESM) Server, the ESM Console, and the Traps agent. Use the following ...
Traps Software Requirements
Traps Software Requirements Before installing Traps software, make sure that the target endpoint meets the following prerequisites: ESM Server and ESM Console running the same ...
TLS/SSL Encryption for Traps Components
TLS/SSL Encryption for Traps Components Traps supports Transport Layer Security (TLS) versions 1.0 and 1.2 and Secure Sockets Layer (SSL) version 3.0. TLS/SSL, which is ...
Set Up the Endpoint Infrastructure
Set Up the Endpoint Infrastructure Use the following workflow to set up the Endpoint infrastructure or, to upgrade your existing Endpoint infrastructure, use the workflow ...
Install Traps on Windows Endpoints
Install Traps on Windows Endpoints Before installing Traps on a Windows endpoint, verify that the system meets the requirements described in Traps Software Requirements . ...
Install the Endpoint Security Manager Server Software
Install the Endpoint Security Manager Server Software To install the Endpoint Security Manager (ESM) Server software: Before you begin: Verify that the server meets the ...
Manage Multiple ESM Servers
Manage Multiple ESM Servers After installing each ESM Server (see Install the Endpoint Security Manager Server Software ), the ESM Console displays identifying information about ...
Known Limitations with Multi-ESM Deployments
Known Limitations with Multi-ESM Deployments In a multi-ESM deployment, each ESM Server must meet the requirements specified in ESM Server Software Requirements . Multi-ESM deployments ...