Hello,
I am attempting to integrate Zabbix into a secure environment in which some critical network segments only allow unidirectional communication (enforced at the hardware level, not just by a firewall). As such, the typical method of communication via TCP between the Server and its Agents is not possible for these network segments (silly ASCII diagram drawn below for clarity).
Agent <----> Proxy ----> Server
Agent ----> Server
Agent/Proxy <--- x --- Server
For scalability purposes, I am already using active checking on the segments of the network where normal TCP communication is possible. If I understand active checking correctly, it seems like it can almost manage communicating over a 1-way network connection, but the active agents need to:
A) Initiate first contact with the server (requesting configuration items)
B) Receive a response from the server with configuration data
C) Begin sending data to the server which the server, in turn, traps
Of course, step B outlined above poses the problem here. Is there any easy/recommended way to preload active agents with all of the configuration data they need to send the correct items to the Server (or something altogether different that could help solve the issue)? If so, the Agents could simply start on step C and would never need to receive responses from the server.
Thank you.
EDIT
Also, just for more context, the environment I am working in uses Zabbix version 4.3 (it is possible that something like this is supported in newer versions of Zabbix).
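
The three-step active check exchange described in the post, as an added example that is not part of the original post and not Zabbix's own code: it frames each message with the Zabbix header (`ZBXD`, a flags byte, an 8-byte little-endian length) and shows that the agent has nothing to send in step C when the step B reply never arrives. The host name, item keys, sample values and function names are constructed for illustration.

```python
import json
import struct

ZBX_HEADER = b"ZBXD\x01"  # signature + flags byte, followed by 8-byte LE length

def frame(payload):
    """Wrap a JSON payload in the Zabbix header."""
    body = json.dumps(payload).encode()
    return ZBX_HEADER + struct.pack("<Q", len(body)) + body

def unframe(packet):
    """Validate the header and declared length, then return the JSON payload."""
    if len(packet) < 13 or packet[:5] != ZBX_HEADER:
        raise ValueError("bad Zabbix header")
    (length,) = struct.unpack("<Q", packet[5:13])
    if length != len(packet) - 13:
        raise ValueError("length field does not match body")
    return json.loads(packet[13:])

def server_reply(request_packet):
    """Constructed server side: answer step A with a fixed item list (step B)."""
    req = unframe(request_packet)
    if req.get("request") != "active checks":
        raise ValueError("unexpected request type")
    # Constructed item list standing in for the host's configured active items.
    items = [{"key": "system.uptime", "delay": 60},
             {"key": "vfs.fs.size[/,pused]", "delay": 300}]
    return frame({"response": "success", "data": items})

def agent_cycle(host, return_path_open, clock=1700000000):
    """Run steps A-C for one agent; return the step C packet, or None."""
    step_a = frame({"request": "active checks", "host": host})
    step_b = server_reply(step_a) if return_path_open else None
    if step_b is None:
        return None  # no item list arrived, so there is nothing to collect
    items = unframe(step_b)["data"]
    # Constructed sample values standing in for real collection results.
    values = [{"host": host, "key": i["key"], "value": "0", "clock": clock}
              for i in items]
    return frame({"request": "agent data", "data": values, "clock": clock})
```
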