Hi, I am hoping that someone will be able to give me some pointers on how to get Zabbix working to monitor a remote server.
We have been using Zabbix for some years to monitor our on our client's network and host devices, but up to now each remote network has been linked via site-to-site VPNs and each client device or site proxy has been configured to use the private IP address of the Zabbix Server (172.20.12.13 - v. 7.2 on Ubuntu 22:04), and this has all worked fine.
Recently though it has become necessary to take down the VPN tunnel to one site (clashing internal subnet) so I wanted to convert that site to communicate directly to the Zabbix Server using active checks and connect to the public IP address of the server (a.b.147.158). We have a Watchguard firewall and I have forwarded ports 10050 and 10051 to the Server's internal address, and I can see on the logs that traffic is being allowed through. The remote site is, alas, behind a CGNAT address.
I have setup a Proxy on the remote site, configured in in Active mode and pointed it to a.b.147.158, and can see on the Watchguard that traffic is being received from the site and forwarded to the Zabbix Server. The Proxy logs simply say 'unable to connect to a.b.147.158:10051, time out'. On the server itself it says that the Proxy has never been contacted.
As the firewall is receiving traffic on 10051 and (apparently) forwarding it on - I am supposing that the issue must be with the server configuration, but I can see what it is.
In the Proxy configuration on the Server, I have double checked that the proxy name matches the name in the remote proxy configuration file and the mode is set to 'Active'. I have left the Proxy address field blank (but have tried it with the remote site's, public IP address (c.d.661.121) and even the private address of the proxy server (192.168.1.13), but with no luck.
Running netstat on the server shows that 10051 and 10050 are 'listening'.
It has to just be something trivial that I have overlooked but I just can't spot it.
Hopefully someone will have some ideas about what I can check next.
Best wishes and many thanks in advance.
We have been using Zabbix for some years to monitor our on our client's network and host devices, but up to now each remote network has been linked via site-to-site VPNs and each client device or site proxy has been configured to use the private IP address of the Zabbix Server (172.20.12.13 - v. 7.2 on Ubuntu 22:04), and this has all worked fine.
Recently though it has become necessary to take down the VPN tunnel to one site (clashing internal subnet) so I wanted to convert that site to communicate directly to the Zabbix Server using active checks and connect to the public IP address of the server (a.b.147.158). We have a Watchguard firewall and I have forwarded ports 10050 and 10051 to the Server's internal address, and I can see on the logs that traffic is being allowed through. The remote site is, alas, behind a CGNAT address.
I have setup a Proxy on the remote site, configured in in Active mode and pointed it to a.b.147.158, and can see on the Watchguard that traffic is being received from the site and forwarded to the Zabbix Server. The Proxy logs simply say 'unable to connect to a.b.147.158:10051, time out'. On the server itself it says that the Proxy has never been contacted.
As the firewall is receiving traffic on 10051 and (apparently) forwarding it on - I am supposing that the issue must be with the server configuration, but I can see what it is.
In the Proxy configuration on the Server, I have double checked that the proxy name matches the name in the remote proxy configuration file and the mode is set to 'Active'. I have left the Proxy address field blank (but have tried it with the remote site's, public IP address (c.d.661.121) and even the private address of the proxy server (192.168.1.13), but with no luck.
Running netstat on the server shows that 10051 and 10050 are 'listening'.
It has to just be something trivial that I have overlooked but I just can't spot it.
Hopefully someone will have some ideas about what I can check next.
Best wishes and many thanks in advance.
Comment