Set an Application Proxy for Cortex XDR Agents - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide


This capability is supported on endpoints with Traps agent 5.0.9 (Windows only) or Cortex XDR agent 7.0 and later releases.

In environments where agents communicate with the Cortex XDR server through a wide-system proxy you can now set an application-specific proxy for the Traps and Cortex XDR agent without affecting the communication of other applications on the endpoint. You can set the proxy during the agent installation, after installation using Cytool on the endpoint, or from All Endpoints in Cortex XDR, as described in this topic.

You can assign up to five different proxy servers per agent. The proxy server the agent uses is selected randomly and with equal probability. If communication fails between the agent and the Cortex XDR server through the app-specific proxies, the agent resumes communication through the system-wide proxy defined on the endpoint. If that fails as well, the agent resumes communication with Cortex XDR directly.

  1. From Cortex XDR, select EndpointsAll Endpoints.

  2. If needed, filter the list of endpoints.

  3. Set an agent proxy.

    1. Select the row of the endpoint for which you want to set a proxy.

    2. Right-click the endpoint and select Endpoint ControlSet Agent Proxy.

    3. You can assign up to five different proxies per agent. For each proxy, enter the IP address and port number. For Cortex XDR agents 7.2.1 and later, you can also configure the proxy by entering the FQDN and port number. When you enter the FQDN, you can use either all lowercase letters or all uppercase letters. Avoid using special characters or spaces.

      For example,,YOUR.NETWORK.COM:888,

    4. Set when you’re done.

    5. If required, you can Disable Agent Proxy from the right-click menu.

      When you disable the proxy configuration, all proxies associated with that agent are removed. The agent resumes communication with the Cortex XDR server through the system-wide proxy. If a system-wide proxy is not defined, the agent resumes direct communication with the Cortex XDR server. If neither a system-wide proxy nor direct communication exists, the agent will disconnect from Cortex XDR.