Ad Widget

Collapse

Use agents as proxy?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • mariusl
    Junior Member
    Zabbix Certified SpecialistZabbix Certified Professional
    • Aug 2024
    • 25
    #1

    Use agents as proxy?

    Hello!

    We have a complex architecture with different network segments, where a Control Unit (CU) is responsible of receiving and processing data from multiple sensors.
    The CU has one network interface in the 192.168.0.0/24 network, and another in the sensor network (172.10.0.0/24). The sensors themself can only communicate within the sensor network.

    We are able to install agents on the sensors and the control unit, however the issue is moving the monitoring data from the sensor agent to the Zabbix proxy and eventually to the Zabbix server.
    As of today we can not install Zabbix proxy on the CU, and the dedicated server for Zabbix proxy can not communicate with the sensor network directly.

    Only option left is to relay the data through the CU in some way. My question is if this is possible natively using the Zabbix Agent2?
    Agents on sensors and the CU can be both passive and active. The zabbix proxy needs to remain in active mode as the Zabbix server is on the outside of the infrastructure, and we can not initiate TCP connections from the outside.

    Click image for larger version Name: image.png Views: 139 Size: 21.9 KB ID: 489681

    Does anyone have experience with such setup or any ideas?
    Many thanks!
    Tags: None
    • t00m1G
      Junior Member
      • Jan 2024
      • 26
      #2

      Hey,

      The easiest way to solve this would be of course to allow agent TCP ports to only one IP address for this whole 172.10.0.0 network - to allow communication between proxy and sensors network.
      But since I assume that is industrial environment, it would be really hard to implement this type of solution.

      With use of CU, you want to use Agent on that CU to gather data from Sensors and then send this data to Proxy?
      There is also option to monitor those sensor (if they are linux based of course) with use of SNMP - but question is, if UDP communication is also blocked. If it's not, you can do that in that way.

        Comment

        • mariusl
          Junior Member
          Zabbix Certified SpecialistZabbix Certified Professional
          • Aug 2024
          • 25
          #3
          Hi t00m1G. Thanks for your reply and suggestions!

          The easiest way to solve this would be of course to allow agent TCP ports to only one IP address for this whole 172.10.0.0 network - to allow communication between proxy and sensors network.
          But since I assume that is industrial environment, it would be really hard to implement this type of solution.
          As of today, allowing other hosts to communicate with the sensor network is not an option. Everything from the sensors needs to go through the CU.

          With use of CU, you want to use Agent on that CU to gather data from Sensors and then send this data to Proxy?
          That is correct. Since the CU itself will be monitored with an agent, it would be really nice if the CU agent itself could work as a proxy or relay of the data from sensors instead of having to deploy a Zabbix Proxy next to it on the CU (which is a last resort).

          There is also option to monitor those sensor (if they are linux based of course) with use of SNMP - but question is, if UDP communication is also blocked. If it's not, you can do that in that way.

          Most of the sensors are indeed Linux based, however i'm not sure if we'll be able to monitor everything we need through SNMP. How would that work though? I assume the CU agent could poll SNMP on sensors and report back to the Server?
          We would need to have some dummy hosts in the server for each sensor then probably where items are defined?

            Comment

            • cyber
              Senior Member
              Zabbix Certified SpecialistZabbix Certified Professional
              • Dec 2006
              • 4807
              #4
              I think he meant that maybe udp traffic is allowed from your proxy to sensor network, but I doubt it is... Agent will not do snmp polls. you would need to script all that and use some trapper items or something like that to submit data from polling host (CU) towards server.... and hosts for each sensor anyway...

              Your best option would be to get proxy installed on CU... Then it would be able to poll those agents in sensor network...

              If those sensors answer to any of command line tools in CU, it might be also possible to script it and poll data and forward to server...

                Comment

                • t00m1G
                  Junior Member
                  • Jan 2024
                  • 26
                  #5
                  in some cases of industrial networks for some reasons UDP communication is allowed (in both ways) - that's why I suggested use of snmp.
                  as cyber mention, the best option would be to install proxy on control unit.

                    Comment

                    Previous template Next
                    Working...