Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Environment

Enterprise EDR (Formerly CB ThreatHunter) Sensor: All Versions
Linux: All Supported Versions
Network Firewall: Palo Alto (PAN-OS)

Symptoms

Sensor installs fail with frequency
Checks for IP Addresses used for Registration show regular changes

Cause

Palo Alto Firewall can be configured to block URL-based connections if the IP Address changes.

Resolution

Refer to Palo Alto's guide on configuring URL filtering:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmgCAC

Additional Notes

Refer to What Ports Must Be Opened On the Firewall And Proxy to allow normal Sensor communication
Use the appropriate KB below for testing connectivity on the endpoint
If Sensor installation still fails after configuring URL Filtering within PAN-OS, please open a Support Case

Related Content

Carbon Black Cloud: What Ports must be opened on the Firewall and Proxy Servers?
Carbon Black Cloud: Sensor not connecting via proxy/firewall
Carbon Black Cloud: How to Test Client Connectivity to CBC Backend (Mac/Linux)
Carbon Black Cloud: How to Test Client Connectivity to CBC Backend (Windows)

Article Information

Author:

Creation Date:

‎09-09-2020

Views:

630

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.