Monitoring L2 Devices from WAN

Started by jcarter0713, August 29, 2017, 10:25:57 PM

jcarter0713

I have NetXMS set up and running inside of my office. However, I would like to monitor switches/APs that are not on my network, and the 2 networks are not connected in any fashion. Is this possible to do? And if so, what is the best method? I would like to avoid setting up VPNs between each location. I am able to monitor their router with the public IP just fine. Just need the L2 devices.

Thanks!

Tursiops

Install an agent in the other network and configure it as SNMP proxy.
You can either set up Active Agent Tunnels to allow that proxy node to talk back to your server or you can configure a port forward on the router at the other end to the proxy node. Either way will allow NetXMS and the proxy to talk to each other.

Once you have the proxy node going, you can add the other L2 devices and poll them via that proxy node.
I would generally recommend configuring NetXMS for zoning in this scenario and configuring the other site as a separate zone. That may or may not be required in your case (it is required if there are overlapping subnets).

jcarter0713

OK, so I see that to set up a proxy, I just need to modify the config file. Anything else I need to do for that?

And if I do a port forward, do I only forward SNMP traffic or NetXMS or both?

Thanks!

Tursiops

On the agent side, you only enable the relevant proxy items in the configuration.
For the port forward, you only forward the NetXMS Agent port, i.e. 4700 TCP.
If you are using zoning, you'd set the default SNMP proxy for the zone to that proxy agent and any SNMP polling for nodes in the zone will automatically happen via the Proxy. Otherwise you probably have to set the SNMP proxy on each node individually.
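
As an added illustration (not part of the thread and not taken from the NetXMS project's own files), a minimal `nxagentd.conf` for the proxy node described in the reply above. The IP address and hostname are constructed placeholders; the parameter names are standard NetXMS agent settings.

```ini
# nxagentd.conf on the proxy node at the remote site (constructed example)

# Only this server may connect and use the proxy functions. With a port
# forward of 4700/TCP, the agent sees the server's public IP as the source.
# 203.0.113.10 is a placeholder for your NetXMS server's public address.
MasterServers = 203.0.113.10

# Let the server send SNMP requests to the L2 devices through this agent.
EnableSNMPProxy = yes

# Agent listen port; this is the only port forwarded on the remote router.
ListenPort = 4700

# Alternative to the port forward: have the agent open a tunnel out to the
# server, so nothing inbound has to be opened at the remote site.
# netxms.example.com is a placeholder for the server's public hostname.
# ServerConnection = netxms.example.com
```

On the remote router, limit the 4700/TCP forward to the server's source address as well, so the agent port is not reachable from the rest of the internet.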

jcarter0713

So when I add the node to my console, what do I add as the IP if I am already monitoring the WAN IP? It says duplicate IP address.

Tursiops

At our end we use zoning for that with one of two setups:
- All devices are in the same zone and you use the proxy to query the external router from the inside (i.e. you change the router's IP in NetXMS to the LAN IP).
- You keep the external router in the default zone with a public IP address and the proxy and other internal devices in a separate zone (with the proxy using the same public IP as the router).

IPs have to be unique within a zone.

(Not sure if there is a way to make this work using the "This is address of remote management node" checkbox which I believe removes the IP from that "uniqueness" check, but it didn't seem to work for us. Could have been a caching thing though.)