Hello,
I am monitoring besides other servers, a group of servers that are in DMZ behind a firewall.
All works well, besides ... zabbix[host,agent,available] with one of the servers. Looks like data for all other items are collected correctly and with no interruption.
In comparison this is agent availability of another server of this group in DMZ.
This happened AFTER we switched on a module on the firewall for DDOS protection.
Switch module DDOS protection off - no agent availability interrupts.
Switch module DDOS protection on - agent availability interruptions start again, but ONLY for THIS server.
We have opened a support request for the firewall, but other than packet capturing and "what does agent availability do" not much has been resolved.
We have even put an exception in the DDOS protection rule, but that did not help either.
Two are then my questions:
Q1: Have other experienced problems with agent availability over a firewall? What was the solution if one has been found?
Q2: I have read documentation and from what I understand this communication is necessary. But is it safe to tweak the parameters in this particular case to be less sensitive (like waiting more time until raising the error)?
Thank you for your comments.
Kind regards
I am monitoring besides other servers, a group of servers that are in DMZ behind a firewall.
All works well, besides ... zabbix[host,agent,available] with one of the servers. Looks like data for all other items are collected correctly and with no interruption.
In comparison this is agent availability of another server of this group in DMZ.
This happened AFTER we switched on a module on the firewall for DDOS protection.
Switch module DDOS protection off - no agent availability interrupts.
Switch module DDOS protection on - agent availability interruptions start again, but ONLY for THIS server.
We have opened a support request for the firewall, but other than packet capturing and "what does agent availability do" not much has been resolved.
We have even put an exception in the DDOS protection rule, but that did not help either.
Two are then my questions:
Q1: Have other experienced problems with agent availability over a firewall? What was the solution if one has been found?
Q2: I have read documentation and from what I understand this communication is necessary. But is it safe to tweak the parameters in this particular case to be less sensitive (like waiting more time until raising the error)?
Thank you for your comments.
Kind regards