I have a Zabbix server hosted on my office LAN and, thus far, two Zabbix proxy boxes located at two client offices. I have network discovery active on all three locations, with the checks set to ICMP ping, SNMPv2 agent and the Zabbix agent. On both proxy locations, the gateway firewall is not showing up on the list of discovered devices, while the one on my LAN (a larger model, running the same OS) does show. The firewalls respond to pings internally, and have SNMP active - I was able to query an OID successfully. Am I missing something in the proxy configuration that is causing this?
-
-
In the network discovery settings, the «Discovery by proxy» parameter is set?
Next, you need to check the settings of the local firewall for the proxy and the settings of the rules of the firewall that is not detected.
It may help to intercept traffic on a computer with a proxy using tcpdump.
For information: the proxy performs a ping using the fping utility. You can see information about snmp support in the log when you start the proxy.Last edited by Hamardaban; 24-01-2021, 07:49. -
Thanks for your help. To be clear, network discovery for the IP ranges is working - apart from the firewall IP address. I confirmed the "Discover by proxy" is configured; if I run fping from the proxy, the firewall responds, and as I noted earlier, it responds to an snmpwalk command from the proxy system. It looks like the issue is internal to Zabbix - there are no firewall rules being actioned when both the proxy and firewall are on the same subnet.Comment
-
Thanks for the clarification - it was previously unclear where you checked the availability of firewall services and what settings the proxy has.
Increase the logging level of zabbix modules and check the log entries related to the firewall.
Once again, I recommend looking at the packet transfer.Last edited by Hamardaban; 25-01-2021, 07:03.Comment
Comment