Cortex XDR Live Terminal Session not Working with Prisma Access Decryption
After onboarding into Prisma Access, Cortex XDR live terminal connections were no longer working. There is an existing support document relating to these sort of issues:
Enable Access to Cortex XDR
There is a section for decryption issues (step 2); what is not clear on this page is that to allow live terminal to work you also need to exclude the following URL:
lrc-eu.paloaltonetworks.com
It is referred to in Step 3 but only from a point of view of access. Adding the above URL to SSL decryption bypass in PANOS fixed Cortex XDR live terminal for me. If you don’t know the exact URL you are having issues with it will depend on your deployment region:
To allow Live Terminal communication between Cortex XDR agents and Cortex XDR, enable access to: wss://lrc-.paloaltonetworks.com where is your deployment region, either us or eu
I think the wss in the above text is a typo…