Reference: Set up the zone proxy service

In Threat Response, the options for the Zone Proxy setup is contained in Tanium Direct Connect. To use Direct Connect to manage zone proxy connections, you must install and enable Direct Connect. See Tanium Direct Connect User Guide: Installing for more information.

In earlier versions of Threat Response there was a requirement to make a configuration from Threat Response and import on the zone server. In the current version, the configurations for zone proxy are all contained in Direct Connect. When Direct Connect is configured and running there are no required actions for Threat Response. When the Direct Connect service is enabled when making a live connection the Threat Response service issues the Deploy Direct Connect - Open Session action. See Tanium Direct Connect User Guide: Configure Zone Proxies for more information.

If you are upgrading to Threat Response 2.4 from an earlier version, to use Direct Connect, you must enable Threat Response to use Direct Connect for live endpoint connections.

  1. From the Main menu, click Modules >Threat Response to open the Threat Response Home page.

  2. Click Settings and open the Service tab. Click Misc.
  3. Select Enable Tanium Direct Connect.

In an upgrade scenario, to get the zone proxy to run on the same ports are you have been using you need to stop and remove the current zone proxy infrastructure prior to installing the Direct Connect proxy and ensure that the ports are available for the new service. From Threat Response, click Settings and click the current zone server configuration. To move from this configuration to the Direct Connect configuration, use the same port in the Direct Connect configuration.

If you are not using Direct Connect to manage the configuration of the zone proxy service, see Set up the zone proxy service for information on the configuration of the zone proxy service for Threat Response without Direct Connect.

Last updated: 7/6/2020 1:56 PM | Feedback