Enterprise EDR: Linux installs fail due to Network Rules (Palo Alto Firewall)
Article ID: 291721
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Sensor installs fail with frequency
- Checks for IP Addresses used for Registration show regular changes
Environment
- Enterprise EDR (Formerly CB ThreatHunter) Sensor: All Versions
- Linux: All Supported Versions
- Network Firewall: Palo Alto (PAN-OS)
Cause
Palo Alto Firewall can be configured to block URL-based connections if the IP Address changes.
Resolution
Refer to Palo Alto's guide on configuring URL filtering:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmgCAC
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmgCAC
Additional Information
- Refer to What Ports Must Be Opened On the Firewall And Proxy to allow normal Sensor communication
- Use the appropriate KB below for testing connectivity on the endpoint
- If Sensor installation still fails after configuring URL Filtering within PAN-OS, please open a Support Case
Feedback
Yes
No
Powered by
