Yes you can but it will generate the traffic on internet. Also You can use the zabbix proxy server at remote site and proxy will communicate to zabbix server.

Choose what best applies to your remote hosts.
the rule is

For Active Mode/Zabbix Agent Active:
Zabbix Server Host:
Requires: Zabbix Server Open Port/NAT
Traffic Direction: Inbound

Remote Site:
Traffic Direction: Outbound to Zabbix Server

For Passive Mode/Zabbix Agent
Zabbix Server Host:
Traffic Direction: Outbound

Remote Site:
Traffic Direction: Inbound
Requires: Zabbix Agent Open Port/NAT​


Wellington

So ready the description of the Agent compared to Proxy, the proxy appears to fit the bill better. Can we install the agent and proxy on the same PFsense?

Or am I confused and just need to use the Agent in Active mode to ensure the traffic is only sent outbound to the Zabbix server and the Zabbix server doesn't need to talk to the endpoints?

yes, you can install Agent and Proxy on the same host.

As for using the Proxy, it is useful to reduce the load on the zabbix server and if you use Passive mode, you will only need to open the Proxy port.

Diagram would be:
Without Proxy:
Zabbix Agent --> Zabbix Server (Collects and processes data)

With Proxy:
Zabbix Agent --> Zabbix Proxy (Collects and processes data) --> Zabbix Server

Read more at:​

https://blog.zabbix.com/hidden-benef...ix-proxy/9359/

**pFsense Has Agent and Proxy packages


Wellington

Again, apologies as coming across as a novice, as I am with Zabbix haha.

When adding the agents into the console, it is asking for DNS names/IP addresses. Other solutions that work in one direction (inbound) to a monitoring server. Would normally just accept a request.

If the design of this was to have remote site agents with no LAN connectivity outbound from the Zabbix server. What IP or name would I put in the Agent section? We're operating on the assumption the Zabbix server is being a firewall NAT and can't talk or communicate with the remote devices ?

For remote monitoring:

When using active mode, this field is not used, as it is the Agent that communicates with the Server.
Zabbix agent ==> Zabbix Server
So you can enter any IP, I use 0.0.0.0 and others different from the network range.
NAT/Port forward required at the remote site: NO


If you use Passive Mode Without Zabbix Proxy:
Zabbix Server ===> Zabbix Agent
IP Address: IP Internet Remote Site, e.g. 198.198.123.123
Port: Port configured in NAT/Redirect on your router or firewall in remote site
***Requires port/nat configured for each Host monitored on the Remote Site.

If you use Passive Mode with Zabbix Proxy in remote site:
Zabbix Server ===> Zabbix Proxy ==> Zabbix Agent
In this case, the Proxy communicates with the Agent, so:
IP Address: Internal IP, e.g. 192.168.0.55
Port: 10050
Port Forward/NAT in remote site: Only for the Zabbix Proxy port. ** Except if the Proxy is Active Mode.​


Wellington