NetXMS Support Forum

Hi all,

Was wondering what the best way to securely have agents connect to the NetXMS server? 
Few workstations agents will be on other networks that are not connected via VPN or behind firewall/routers. Was hoping to get any suggestions?

I was reading and looks like the only options are below:


Option 1: Agent to Server connection
Option 2: Server to Agent connection

Option 1 will require certificates and agent tunnels (see https://www.netxms.org/documentation/adminguide/server-management.html#server-configuration-for-agent-to-server-connection-tunnel-connection). This setup is a bit more involved, but makes a lot of sense if you are connecting to agents behind routers/firewalls which the NetXMS server cannot talk to directly.

Option 2 will simply require the NetXMS server be able to talk to your NetXMS agent on TCP port 4700. If you have a VPN between your server and the Agents, that's probably the easiest setup. Just make sure your Windows firewall doesn't block the incoming connection from the NetXMS server to your agent. You won't need the ServerConnection parameter for this either, MasterServers is enough.

Your writing is precise.

For agent to server tunnel industry-standard TLS connection is established.
Also you can install netxms proxy in a remote office. That proxy will be the only node that communicates to the server directly. Proxy would communicate to all other machines at that location.