Enable Access to the Traps Management Service
After you receive your account details, enable and verify access to Traps management service.
- Before you begin, identify the storage buckets for your Traps management service.
  Region | Storage Buckets
  US region |
- To establish secure communication (TLS) to Traps management service, the endpoints, or other devices that initiate a TLS connection with Traps management service, must trust the following root CA certificates:
  - Go Daddy Root Certificate Authority - G2
  - Baltimore CyberTrust Root
- If you use SSL decryption, we recommend that you do not decrypt *.traps.paloaltonetworks.com and the regional storage buckets that you identified in Step 1.
  To exclude Traps services and storage buckets from decryption, add the domains to your SSL Decryption Exclusion list. In PAN-OS 8.0 and later releases, you can configure the list in Device > Certificate Management > SSL Decryption Exclusion.
- In your firewall configuration, enable access to Traps management service communication servers.
  With Palo Alto Networks firewalls, we recommend that you use the App-ID traps-management-service to allow communication between Traps agents and Traps management service. To use the App-ID traps-management-service, you must install Applications and Threats content update version 793 or a later release.
  If you do not use a Palo Alto Networks firewall with App-ID:
  - Enable access to the following addresses over port 443 where <tenant> is your chosen subdomain.
    - contentprod.traps.paloaltonetworks.com—Used to host content updates.
    - distributions.traps.paloaltonetworks.com—Used for provisioning Traps agents for the first time to obtain the agent provisioning URL for the tenant.
    - ch-<tenant>.traps.paloaltonetworks.com—Used for communication between the Traps agent and the preferred Traps management service for the home region.
    - cc-<tenant>.traps.paloaltonetworks.com—Used for communication between roaming Traps agents and Traps management service.
    - <tenant>.traps.paloaltonetworks.com—Used to access your tenant of Traps management service.
    - dc-<tenant>.traps.paloaltonetworks.com—Used for EDR data collection between the Traps agent and the Traps management service.
  - Enable HTTPS access to the storage buckets you identified in Step 1 to allow Traps agents to access Palo Alto Networks S3 buckets in AWS.
  - Enable access to allow Live Terminal communication from Traps agents to Traps management service: wss://lrc-<region>.paloaltonetworks.com where <region> is your deployment region, either us or eu.
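To verify the steps above from an endpoint's network segment, the following added example (not Palo Alto Networks tooling) expands the address list for a tenant, reports which Traps hosts and storage buckets your SSL Decryption Exclusion entries do not cover, and attempts a TLS handshake to each host. Assumptions: the tenant name `acme` and the bucket host are constructed placeholders, a `*` in an exclusion entry is treated as matching exactly one DNS label, and the Live Terminal `wss://` endpoint is probed on port 443.

```python
import socket
import ssl

BASE = "traps.paloaltonetworks.com"


def required_hosts(tenant, region):
    """Expand the addresses listed above for one tenant (region: 'us' or 'eu')."""
    if region not in ("us", "eu"):
        raise ValueError("region must be 'us' or 'eu'")
    hosts = [f"contentprod.{BASE}", f"distributions.{BASE}", f"{tenant}.{BASE}"]
    hosts += [f"{prefix}-{tenant}.{BASE}" for prefix in ("ch", "cc", "dc")]
    hosts.append(f"lrc-{region}.paloaltonetworks.com")  # Live Terminal (wss)
    return hosts


def covered(host, pattern):
    """True if an exclusion entry covers host. Assumption: '*' stands for
    exactly one DNS label, the conservative reading of a wildcard entry."""
    h, p = host.lower().split("."), pattern.lower().split(".")
    return len(h) == len(p) and all(b in ("*", a) for a, b in zip(h, p))


def still_decrypted(hosts, buckets, exclusions):
    """Traps hosts and storage buckets that no exclusion entry covers."""
    no_decrypt = [h for h in hosts if h.endswith("." + BASE)] + list(buckets)
    return [h for h in no_decrypt if not any(covered(h, e) for e in exclusions)]


def probe(host, port=443, timeout=5.0):
    """TLS handshake against the OS trust store; returns (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except (OSError, ssl.SSLError) as exc:  # blocked, DNS failure, untrusted chain
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Constructed sample values: tenant name and bucket host are placeholders.
    hosts = required_hosts("acme", "us")
    gaps = still_decrypted(hosts, ["bucket.example.invalid"],
                           ["*.traps.paloaltonetworks.com"])
    print("not in exclusion list:", gaps)
    for h in hosts:
        print(h, *probe(h))
```

A certificate verification failure from `probe` on a host that is otherwise reachable points at a missing root CA on the endpoint or at decryption still being applied to that host.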