Install the Endpoint Security Manager Server Software
To install the Endpoint Security Manager (ESM) Server software:
- Before you begin:
- Verify that the server meets the requirements described in ESM Server Software Requirements.
- Obtain an authorization code from your Palo Alto Networks Account Manager or reseller and Activate Traps Licenses.
- Obtain the software from https://support.paloaltonetworks.com (TOOLSSOFTWARE UPDATESFilter By: Endpoint Security Manager).
- Initiate the ESM Server software installation. You can
also install the ESM Server using Msiexec (see Install
Traps Components Using Windows Msiexec).
- Double click the ESMCore installation file.
- Click Next to begin the setup process.
- On the End User License Agreement dialog, select the I accept the terms in the License Agreement check box and then click Next.
- Keep the default installation folder or click Change to specify a different installation folder and then click Next.
- Specify the security level for communication between
the ESM Server and the Traps agents.To encrypt communication over SSL, use a server-client certificate file (PFX format) and supply the password for decrypting the private key.
- Specify the ESM Server port to use for access to the server or keep the default setting (2125).
- Select the certificate configuration method:
- External Certificate (SSL)—Encrypt communication between the server and the agents over SSL (default). Then Browse to the server-client certificate and enter the password required to decrypt the private key.
- No Certificate (no SSL)—Do not encrypt communication between the server and the agents (not recommended).
- Click Next.
- Configure the settings that enable communication between
the ESM Server and the database.To set up access to the database, you must specify the authentication method and a user that has administrative privileges to administer the database. The username (and password) that you enter depend on the type of authentication method that you select: either Windows authentication (recommended) or SQL server authentication.
- Enter the fully qualified domain name or IP address of the database Server Name. If your SQL Server uses an instance other than the default, you must also include the instance name in the format <servername>\<instance>.
- Enter the name of the Database Name.
- Select the method of authentication and enter the
account credentials. This account must also be added as a database
owner on the database server (for more information, see Configure
the MS-SQL Server Database).
- Use Windows Authentication to authenticate using a Windows domain user account that has privileges to administer the database server and enter the Domain\User (for example, mydomain\administrator) and Password.
- Use SQL Server Authentication to authenticate using a local user that has privileges to administer the database and enter the Login and Password.
- To enable secure communication between the ESM Server
and the database using TLS/SSL 1.2:
Secure communication between the ESM Server and the database is supported with only SQL Server Enterprise or SQL Server Standard.
- Select Secure DB Connection (SSL). This option enables the ESM Server to encrypt communication between the ESM Server and the database.
- For even stricter security, select the option to Validate SQL Server Certificate Signer. This enables the ESM Server to validate that the certificate the database presents matches a specific certificate. For validation to succeed, you must import the database certificate into Trusted Root Certification Authorities.
- Click Next.If one or more ESM Servers already connect to the database, the installer prompts you to join the database cluster of ESM Servers. If you select Yes, the installer obtains the remaining installation settings from the database. Skip to step 7 to complete the installation.
- Set the password to uninstall the Traps software.
- Enter and then confirm an uninstall password, which must be eight characters or more. You will be prompted for this password any time you or a user tries to uninstall Traps software.
- Click Next.
- Import the Traps license. If you choose not provide a
Traps license during installation, you will have read-only access
to the ESM Console until you add a valid Traps license.
- Browse to the license
file and then click Open. If you do not have
a license, contact your Account Manager, reseller, or go to https://support.paloaltonetworks.com.The installer displays license details for the license file.
- Click Next.
- Browse to the license file and then click Open. If you do not have a license, contact your Account Manager, reseller, or go to https://support.paloaltonetworks.com.
- Complete the installation.
- Click Install.
- When the installation is complete, click Finish.
Install the Endpoint Security Manager Console Software
Install the Endpoint Security Manager Console Software You can install the ESM Console software on a dedicated server or on the same server as the ...
Upgrade to Traps 4.1
Upgrade to Traps 4.1 The Traps™ 4.1 release comprises the Endpoint Security Manager (ESM) Server, the ESM Console, and the Traps agent. Use the following ...
ESM Server Software Requirements
ESM Server Software Requirements In a Multi-ESM Server deployment you can deploy multiple ESM Servers to support the agents in your organization. Each ESM Server ...
Set Up the Endpoint Infrastructure
Set Up the Endpoint Infrastructure Use the following workflow to set up the Endpoint infrastructure or, to upgrade your existing Endpoint infrastructure, use the workflow ...
Set Up Traps in a VDI Environment Overview
Set Up Traps in a VDI Environment Overview Use the following workflow to set up Traps in a VDI environment. Review the installation considerations and ...
Database The database stores administrative information, security policy rules, endpoint history, and other information about security events. The database is managed over the MS-SQL platform. ...
Traps Endpoint Security Manager Known Issues
Known issues with the Traps Endpoint Security Manager and Traps agent 4.1. ...
Database Software Requirements
Database Software Requirements The server-side applications require an SQL database that can be either a local database installed on the same server as the ESM ...
Install Traps on Mac Endpoints
Install Traps on Mac Endpoints Before you can install or upgrade Traps for Mac, you must download the software from the Support portal and then ...