Set an application-specific proxy for the Cortex XDR agent without affecting the communication of other applications on the endpoint.
Note
This capability is supported on endpoints with Traps agent 5.0.9 (Windows only) or Cortex XDR agent 7.0 and later releases.
In environments where agents communicate with the Cortex XSIAM server through a wide-system proxy you can set an application-specific proxy for the Traps and Cortex XDR agent without affecting the communication of other applications on the endpoint. You can set the proxy during the agent installation, after installation using Cytool on the endpoint, or from All Endpoints in Cortex XSIAM.
You can assign up to five different proxy servers per agent. The proxy server the agent uses is selected randomly and with equal probability. If communication fails between the agent and the Cortex XSIAM server through the app-specific proxies, the agent resumes communication through the system-wide proxy defined on the endpoint. If that also fails, the agent directly resumes communication with Cortex XSIAM.
From Cortex XSIAM, select → .
If needed, filter the list of endpoints.
Select the row of the endpoint for which you want to set a proxy.
Right-click the endpoint and select
→ .You can assign up to five different proxies per agent. For each proxy, enter the IP address and port number. For Cortex XDR agents 7.2.1 and later, you can also configure the proxy by entering the FQDN and port number. When you enter the FQDN, you can use all lowercase letters or all uppercase letters. Avoid using special characters or spaces.
For example,
my.network.name:808,YOUR.NETWORK.COM:888,10.196.20.244:8080
.Click Set.
If required, you can Disable Agent Proxy from the right-click menu.
When you disable the proxy configuration, all proxies associated with that agent are removed. The agent resumes communication with the Cortex XSIAM server through the system-wide proxy. If a system-wide proxy is not defined, the agent resumes direct communication with the Cortex XSIAM server. If neither a system-wide proxy nor direct communication exists, the agent will disconnect from Cortex XSIAM.