Edit Your Broker VM Configuration - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide

After configuring and registering your Broker VM, you can edit existing configurations and define additional settings in the Broker VMs page in the Brokers tab. When you have a high availability (HA) cluster configured, you can also edit any Broker VM nodes configurations in the Clusters tab from the Broker VMs table under the Cluster.

  1. Select SettingsConfigurationsData BrokerBroker VMs.

  2. In the Broker VMs table, locate your Broker VM, right-click, and select Configure.

    If the Broker VM is disconnected, you can only View the configurations.


    For all Broker VM nodes added to a HA cluster, you can also Configure the Broker VM nodes from the Clusters tab.

  3. In the Broker VM Configurations page, define the following settings:

    • Edit the existing Network Interfaces, Proxy Server, NTP Server, and SSH Access configurations.

    • (Requires Broker VM 8.0 and later) Device Name.

      -Device Name—Change the name of your Broker VM device name by selecting the pencil icon. The new name will appear in the Brokers table.

      -FQDN—Set your Broker VM FQDN as it will be defined in your Domain Name System (DNS). This enables connection between the WEF and WEC, acting as the subscription manager. The Broker VM FQDN settings affect the WEC and Agent Installer and Content Caching.

    • (Requires Broker VM 8.0 and later) (Optional) Internal Network

      Specify a network subnet to avoid the Broker VM dockers colliding with your internal network. By default, the Network Subnet is set to


      Internal IP must be:

      • Formatted as prefix/mask, for example

      • Must be within /8 to /24 range.

      • Cannot be configured to end with a zero.

      For Broker VM version 9.0 and lower, Cortex XDR will accept only

    • Auto Upgrade

      Enable or Disable automatic upgrade of the Broker VM. By default, auto upgrade is enabled at Any time for all 7 days of the week, but you can also set the Days in Week and Specific time for the automatic upgrades. If you disable auto-upgrade, new features and improvements will require manual upgrade.

    • Monitoring

      Enable or Disable of local monitoring of the Broker VM usage statistics in Prometheus metrics format, allowing you to tap in and export data by navigating to http://<broker_vm_address>:9100/metrics/. By default, monitoring your Broker VM is disabled. For more information with an example of how to set up Prometheus and Grafana to monitor the Broker VM, see Monitor the Broker VM using Prometheus.

    • (Optional) SSH Access

      • (For Broker VM 7.4.5 and earlier) Enable/Disable ssh Palo Alto Networks support team SSH access by using a Cortex XDR token.

        Enabling allows Palo Alto Networks support team to connect to the Broker VM remotely, not the customer, with the generated password. If you use SSL decryption in your firewalls, you need to add a trusted self-signed CA certificate on the Broker VM to prevent any difficulties with SSL decryption. For example, when configuring Palo Alto Networks NGFW to decrypt SSL using a self-signed certificate, you need to ensure the Broker VM can validate a self-signed CA by uploading the cert_ssl-decrypt.crt file on the Broker VM.


        Make sure you save the password before closing the window. The only way to re-generate a password is to disable ssh and re-enable.

      • (Requires Broker VM 14.0.42 and later) Customize the login banner displayed, when logging into SSH sessions on the Broker VM in the Welcome Message field by overwriting the default welcome message with a new one added in the field. When the field is empty, the default message is used.

    • Broker UI Password

      Reset your current Broker VM Web UI password. Define and Confirm your new password. Password must be at least 8 characters.

    • (Requires Broker VM 10.1.9 and later) (Optional) In the SSL Server Certificate section, upload your signed server certificate and key to establish a validated secure SSL connection between your endpoints and the Broker VM. When you configure the server certificate and the key files in the tenant UI, Cortex XDR automatically updates them in the Broker VM UI, even when the Broker VM UI is disabled.

      Cortex XDR validates that the certificate and key match, but does not validate the Certificate Authority (CA).

  4. Save your changes.