ESM Server Software Requirements
In a Multi-ESM Server deployment you can deploy multiple ESM Servers to support the agents in your organization. Each ESM Server supports up to 30,000 agents for a total number of 150,000 agents per database. While you can deploy as many ESM Servers as you want, you cannot exceed the total number of supported agents for the database.
Before installing ESM Server software, make sure that the server meets the following prerequisites:
- ESM Server and ESM Console running the same version.
- ESM Server hostname of 15 or fewer characters
- Clock that is synchronized to the time of other ESM components (console and database) using standard enterprise networking means such as Windows Time Service (WTS).
- Ensure that the round-trip communication time between the ESM Server and the database is less than 80 ms.
- .NET Framework 4.5.1 Full or later
- SSL certificate from a trusted certificate authority (CA) with server authentication and client authentication (recommended)
- Allow communication on the TCP port from clients to server (the default is port 2125)
- For automated content updates, enable SSL/TLS 1.2 communication between the ESM Server and the followings sites on port 443:
- Forensic folder with BITS enabled
- Internet Information Services (IIS) 7.0 or above with ASP.NET and Static Content Compressions components
- English- or Japanese-language version of a physical or virtual Windows Server. To determine which versions of Windows Server are supported, refer to Where Can I Install the Endpoint Security Manager(ESM)? in the Palo Alto Networks® Compatibility Matrix.
- Communication between the ESM Server and the agents is based on Windows Communication Foundation (WCF) client with a TLS/SSL version which is dependent on the version of the Traps agent and the operating system.
- Traps 4.0 and 4.1 releases on Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008—TLS/SSL 1.0
- Traps 4.0 and 4.1 releases on all other operating systems—TLS/SSL 1.2
- Traps 3.4 releases—TLS/SSL 1.0
- For ESM Server hardware requirements, see Distributed Endpoint Security Manager Hardware Requirements
Upgrade to Traps 4.2
Upgrade to Traps 4.2 The Traps™ 4.2 release comprises the Endpoint Security Manager (ESM) Server, the ESM Console, and the Traps agent. Use the following ...
TLS/SSL Encryption for Traps Components
TLS/SSL Encryption for Traps Components Traps supports Transport Layer Security (TLS) versions 1.0 and 1.2 and Secure Sockets Layer (SSL) version 3.0. TLS/SSL, which is ...
Traps for Windows Requirements
Windows endpoints must meet the following requirements to install the Traps agent 4.2. ...
Install the Endpoint Security Manager Server Software
Install the Endpoint Security Manager Server Software To install the Endpoint Security Manager (ESM) Server software: Before you begin: Verify that the server meets the ...
Upgrade Considerations The following table lists the new features that have upgrade impact. Before you upgrade the ESM and Traps to release 4.2 , make ...
Set Up the Endpoint Infrastructure
Set Up the Endpoint Infrastructure Use the following workflow to set up the Endpoint infrastructure or, to upgrade your existing Endpoint infrastructure, use the workflow ...
Manage Multiple ESM Servers
Manage Multiple ESM Servers After installing each ESM Server (see Install the Endpoint Security Manager Server Software ), the ESM Console displays identifying information about ...
Issues Addressed in Traps Endpoint Security Manager 4.2
List of addressed issues in the Traps Endpoint Security Manager 4.2. ...
Manage Content Updates
Manage Content Updates Content updates are categorized on the Support Portal by ESM version. To update the default policy of the ESM Console, you must ...