NetXMS Support Forum

Hi,

Server is NetXMS 3.2.380/Windows, Agent is NetXMS 3.3.314/WIndows.

I work for an MSP (Managed Services Provider), and I'd like to setup NetXMS to monitor all of our clients, and be able to do so through on a single NetXMS server at our site.  We, and all of our clients, have a single external (static) IP address, and internally have private IPs (192.168.x.y) and use NAT.

Zones seem to be the way to do this (section 36.1)

I'm trying to get it working on one client, but am having trouble. Here is what I have done (we have a good, working NetXMS installation at our site already).

1. I created a new Zone (right-click Entire Network -> Create zone).  I noted that zoneUIN=3.
2. I created a new proxy node (right-click Infrastructure Services -> Create -> Node).  Checked "Create as zone proxy" box and selected the appropriate Zone from the drop-down menu.  The agent system is Windows, so I did not config SSH login/password.  Left all else as defaults.
3. I added Port Forwarding rules for port 4700 on our firewall and the client firewall.
4. I installed the NetXMS agent to serve as the proxy agent on one system there, with this nxagentd.conf:

MasterServers = (external ip address of our NetXMS server)
ConfigIncludeDir = C:\NetXMS\Agent\etc\nxagentd.conf.d
LogFile = {syslog}
FileStore = C:\NetXMS\Agent\var
SubAgent = filemgr.nsm
SubAgent = ping.nsm
SubAgent = logwatch.nsm
SubAgent = netsvc.nsm
SubAgent = portcheck.nsm
SubAgent = ssh.nsm
SubAgent = winperf.nsm
SubAgent = wmi.nsm

EnableProxy = yes
ZoneUIN = 3


5. From the NetXMS Console, I right-clicked the Proxy object I created under Infrastructure services, Poll -> Configuration (full).

What was working
The server connected to the agent, and read the default DCI set, and the "Object Details" of the Proxy Node are populated.  Server-Agent communication was happening.  "Software Inventory" and "Hardware Inventory" never worked, as they do for nodes on the local LAN.  (But communication stopped, see next section.)

What isn't working
0. Under the zone, it shows two networks.  One is "113.11.246.0/24" which is a subnet NetXMS made up, based on the single external IP address.  I can just ignore that.
1. The second network is the internal client private network (192.168.x.y/24) which is correct.  However it only has "found" one address (the Proxy Node), but it hasn't found it correctly.  It has "192.168.14.254" as the address of the Proxy Node, but that is actually the address of the firewall (or default gateway).  So now the Proxy Node is marked as Unreachable even though it is reachable.
2. Discovery doesn't seem to be happening, probably because of #1.  I started a manual network scan (Configuration -> Network Discovery -> network address=192.168.14.0, mask=24, Zone=client zone, Proxy=client proxy, Click 'save' icon -> Scan.  Waited an hour but no new nodes are listed under the network.

How do I configure NetXMS so that it knows the correct, internal address of the agent?  I've read section 39.3 of the manual but there isn't a setting to tell the agent what its IP address is?
How do I get scans working?
On other client systems at the remote site? What do I use for the NetXMS server ip address value?  The proxy node IP address?  Do I have to config the zoneUIN on all the agents? I couldn't find anything about this.  Here is an nxagentd.conf file from the client site.
MasterServers = 192.168.14.23
ConfigIncludeDir = C:\NetXMS\Agent\etc\nxagentd.conf.d
LogFile = {syslog}
FileStore = C:\NetXMS\Agent\var
SubAgent = filemgr.nsm
SubAgent = ping.nsm
SubAgent = logwatch.nsm
SubAgent = netsvc.nsm
SubAgent = portcheck.nsm
SubAgent = winperf.nsm
SubAgent = wmi.nsm

ZoneUIN = 3

I feel I'm mostly there, but missing a setting or two.  What have I done wrong?

Thank you in advance,
Ted

Hi,

agent configuration file looks correct. What is set as primary host name / primary IP address in proxy node settings? Could it be that firewall itself also responds to your NetXMS server via SNMP, possibly providing different set of interfaces? Please check what is displayed in overview and interfaces tab for proxy node. Ideally please post screenshots of those two tabs along with forced configuration poll output.

For agents inside client network you should use proxy node's IP address as master server address. It is good to specify ZoneUIN in proxy agent configuration but is not necessary for each agent inside zone.

Best regards,
Victor