1. Overview

By default, Prisma Cloud only creates an HTTPS listener for access to Console. In some circumstances, you may wish to enable an HTTP listener as well. Notice that accessing Console over plain, unencrypted HTTP isn’t recommended, as sensitive information can be exposed.

Enabling an HTTP listener simply requires providing a value for it in twistlock.cfg. At first, your configuration file would look like this:

#############################################
#     Network configuration
#############################################
# Each port must be set to a unique value (multiple services cannot share the same port)
###### Management console ports #####
# Sets the ports that the Prisma Cloud management website listens on
# The system that you use to configure Prisma Cloud must be able to connect to the Prisma Cloud Console on these ports
# To disable a listener, leave the value empty (e.g. MANAGEMENT_PORT_HTTP=)
# Accessing Console over plain, unencrypted HTTP isn't recommended, as sensitive information can be exposed
MANAGEMENT_PORT_HTTP=
MANAGEMENT_PORT_HTTPS=8083

To enable the HTTP listener, your configuration file should look like this:

#############################################
#     Network configuration
#############################################
# Each port must be set to a unique value (multiple services cannot share the same port)
###### Management console ports #####
# Sets the ports that the Prisma Cloud management website listens on
# The system that you use to configure Prisma Cloud must be able to connect to the Prisma Cloud Console on these ports
# To enable the HTTP listener, set the value of MANAGEMENT_PORT_HTTP (e.g. MANAGEMENT_PORT_HTTP=8081)
# Accessing Console over plain, unencrypted HTTP isn't recommended, as sensitive information can be exposed
MANAGEMENT_PORT_HTTP=8081
MANAGEMENT_PORT_HTTPS=8083

After you’ve updated the configuration file, just rerun twistlock.sh for the changes to take effect. For example:

$ sudo ./twistlock.sh -s console