Announcement

Collapse
No announcement yet.

Monitor servers on another subnet with blocked by firewall

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    Monitor servers on another subnet with blocked by firewall

    I have a Zabbix running on 3.2 and have no issued monitoring servers on the same subnet called subnet A. Zabbix agent has been deployed to all these servers.
    I wanted to monitor subnet B servers , unfortunately, subnet A was blocked 10051 to subnet B. Subnet B can telnet 10050 to Zabbix server.
    I did some findings and the solution is to use active check on subnet B.
    But my subnet A is using passive check.
    Can passive and active check coexist? If not, how about move zabbix to subnet B and change IP address. Any impact on DB after changing IP address?

    Thank you
    Last edited by Alan Lim; 05-12-2017, 09:30.

    #2
    Hi Alan,
    1. Which is more important: Subnet A or Subnet B?
    2. The items being monitored can only be active or passive. It cannot be both. However, you can have a combination of active and passive items being monitored.
    3. Consider using a Zabbix Proxy into Subnet B
    4. You can move Zabbix to another IP address but this depends on which database you're using. MySQL and Postgres are ok with changing IP address.

    Comment


      #3
      Hi RV,

      Both Subnet A and B are important. Thank you for your brilliant suggestion of installing Zabbix proxy on subnet B.

      I have a question about installing Zabbix proxy;
      According to Zabbix document, the installation command for Zabbix proxy is "apt-get install zabbix-proxy-mysql". (ubuntu base)
      Just wondering should I install Frontend-php? If not, how should I mange it without web mgmt. If yes, then what is the installation command like?
      Tried to google but couldn't find any good step by step guide on how to install zabbix proxy


      Thank you
      Last edited by Alan Lim; 07-12-2017, 07:04.

      Comment


        #4
        Hi Alan,

        I'm currently also exploring Zabbix Proxy. I also have to deal with firewalls issues with my IT.

        However, I downloaded the Zabbix Proxy package from https://www.zabbix.com/download for my Linux distro

        I believe, there is no web frontend for proxies. And that's as far as I got.

        Comment


          #5
          Originally posted by Alan Lim View Post
          But my subnet A is using passive check.
          Can passive and active check coexist? If not, how about move zabbix to subnet B and change IP address. Any impact on DB after changing IP address?
          Active proxy in subnet B and all hosts in subnet B still can be monitored using passive checks over proxy in B.

          PS. BTW sooner or later if number of monitored items will be growing you will be forced to switch to active monitoring as passive one does not scale.
          http://uk.linkedin.com/pub/tomasz-k%...zko/6/940/430/
          https://kloczek.wordpress.com/
          zapish - Zabbix API SHell binding https://github.com/kloczek/zapish
          My zabbix templates https://github.com/kloczek/zabbix-templates

          Comment


            #6
            Thanks kloczek

            Comment


              #7
              Originally posted by kloczek View Post
              Active proxy in subnet B and all hosts in subnet B still can be monitored using passive checks over proxy in B.

              PS. BTW sooner or later if number of monitored items will be growing you will be forced to switch to active monitoring as passive one does not scale.
              Thank you Kloczek.
              How difficult to change from passive to active?
              So far, my understanding is to add a parameter "StartAgents=0" in zabbix_agentd.conf.
              Do I miss anything in zabbix_agentd.conf?
              How should I change from passive to active in Zabbix server?

              Comment


                #8
                I have found this forum
                https://www.zabbix.com/forum/showthread.php?t=50045.

                Any additional suggestion?

                Thank you

                Comment


                  #9
                  Alan,

                  There are 3 places where you change for active monitoring.

                  1. The items/keys that you monitoring, change it to active
                  2. The zabbix_agent conf file, set ServerActive=
                  3. Also in zabbix_proxy (can set the proxy into active mode like kloczek said)

                  Hope this gets you going.

                  Comment


                    #10
                    Hi RV,

                    Initially, because of the firewall blocking, caused Zabbix server can't talk via port 10050 to zabbix agent on other subnets. But no firewall blocking for Zabbix agent to Zabbix server. Thus decide to deploy a zabbix proxy on agent subnet.
                    But later realized that the active agent could solve the firewall issue as the active agent is communicating to zabbix server instead.

                    Still struggling how to let zabbix server monitor active agent. I have added the below to zabbix_agentd.conf
                    ServerActive=172.10.10.10
                    Hostname=Win2012-UAT (agent's computer name)
                    StartAgents=0
                    I have created a new Zabbix Active agent template (Active Agent.png) and added active agent host to this template. Not sure what to input the IP and I just put 0.0.0.0 and port is 10050 at the host configuration.
                    Please look at the zabbix error.jog which shows the agent failed to communicate.
                    Is there anything that I miss or mistake?

                    Going to get crazy for these.
                    Thank you
                    Attached Files

                    Comment

                    Working...
                    X