I would connect your Zabbix server to the Windows server via an autossh tunnel, so that connection is maintained automatically.

I have done this for 3 Windows servers behind a separate firewall, in my Zabbix network.

this way, you have an active connection, which allows you to not only to connect to the Zabbix Agent, but also gives you the possibility of running remote commands/actions if necessary.

If you'd like to know how to setup an autossh tunnel, I have created documentation that I could share with you.

@Parasin: care to share? I like the idea of what you installed..

Creating a self-sustaining AutoSSH Tunnel From Zabbix to your host

Sometimes, you are required to connect to a host that is behind some sort of firewall or protected network. This can make things pretty difficult when attempting to establish connection to the Zabbix agent on that host. One work-around would be to setup an SSH tunnel that must constantly be maintained, by hand. The smarter, and more efficient solution, is to use AutoSSH to keep the tunnel running for you!

AutoSSH is a program that utilizes simple checks and loops to maintain an SSH connection between two servers. It takes the hassle out of having to constantly monitor your tunnels, allowing you to focus on what really matters: monitoring!

The following guide was made using CentOS6, but should be applicable for a variety of Linux environments.
Please note: Windows servers do NOT listen on port 22 by default and special consideration is required to allow SSH tunnels to connect. If you are connecting two Linux systems, this should work as described below, with very little modification.

Setup
Begin by downloading and installing AutoSSH and OpenSSH to the Zabbix server using the commands:
Once these have been successfully installed, we can begin to setup AutoSSH. First, we generate an SSH key to use:
When you are asked to “Enter passphrase”, leave this blank both times (unless you wish to provide a password to protect the keys further).

Steps to generate an SSH key.
Once you have generated your SSH key you need to create the ’.ssh’ directory on the target server (if it does not already exist).
Then we need to copy the key generated on the Zabbix server to the host server.
Now we have to set access rights to the .ssh directory on the target server.
Then test the settings to make sure that you can login to the target server without a password.
If you are able to login without a password, then you can now use the following autossh command:
NOTE: The command below is to connect to a Zabbix Proxy! If you are attempting to connect directly to a host, simply change 20100:localhost:10051 to 20100:localhost:10050
Once everything is done, you can check the status of your tunnel by using:
Then, to make sure that your connection is established to the target server:

Hi, sounds like a plan.

From your idea, I set up a BitVise SSH tunnel/forwarder on the Windows box that is behind a firewall. I forwarded port 127.0.0.1:10051 to the ExternalIP:10051 of the Zabbix server, and set up a host on the zabbix server with IP 0.0.0.0 and port 0.0.0.0. Opened up the appropriate ports on iptables in Zabbix.

I also cloned templates that I would be using and set all items/discovery items to 'Zabbix Agent (Active).

The agent is successfully sending updates to the server over the tunnel to the zabbix server. I can see when services go up and down and some other info, I'll play with it a bit more.

Only thing is that the 'Z' Icon under availability on the main screen is red. Even after deleting the host and redoing everything, it stays gray for a bit and then turns red. It says 'Get value from agent failed: cannot connect to [[0.0.0.0]:0]: [111] Connection refused'

Any fix for this bad status?

edit: I seem to have solved the issue by hunting down other "Zabbix Agent" items in prototypes that were not set to active, and then recreating the host. It has stayed gray for a while, and it still updates so seems good.

I was able to set up an SSH tunnel to forward the agent results to the Zabbix server, using BitVise.

It listens on localhost:10051 and forwards it to the Zabbix Server:10051. I can see that it is *trying* to send to the zabbix server, and I can initiate a connection, however it seems like Zabbix is ignoring the data and dropping the connection.

Any ideas?

Hello,

I was also facing the same problem while setting up SSH tunnel between zabbix server and zabbix agent. In my case i am not using any zabbix proxy.

The instructions given by 'Parasin' are full proof. I tried those same instructions but while configuring agent on zabbix server, you will need to specify port 20100 with 127.0.0.1 IP.
On agent config file,
ListenIP=127.0.0.1
Server=<zabbix server name>,127.0.0.1
ServerActive=<zabbix server name>,127.0.0.1 (If you are using active checks).
HostName=<name of agent machine's name>

That's it. It works. Please see the attached file.

Thanks,
Jeetusjeet

There is a weird quick about Zabbix Active Agents; sometimes they appear as though they are not being monitored and have the red "Z" next to them, even when they are in fact being monitored. See first attachment

The best way to see if you are actually receiving data from your host is to go to the "Latest Data" tab and look at the specific host. If you are getting data, you are good to go! If you are not getting data, then my next step would be:

1. Check the zabbix_agentd.log file on the host, see if it is receiving the items from the Zabbix Server and attempting to send them back
2. Check the zabbix_server.log file on the Zabbix Server, see if it can connect to the host you are attempting to monitor
3. Check firewall settings on both the host and the Zabbix Server, make sure that the Zabbix Agent is allowed to communicate to the Zabbix Server
4. Double-check the port settings; this can be done on the host/server and in the zabbix_agentd.conf file, make sure all your settings are correct

Try these and let me know what happens