Hi All,
Is anyone aware of which specific ports would need to be opened to allow monitoring in the DMZ, from looking around at older post im not sure if this is possible due to WMI needing a port range open ?
thanks
Stuart
Tip: Use Orion Server initiated communication in DMZ environments or cloud scenarios such as Azure. Use agent initiated communication with a proxy to poll multiple computers within a single Azure cloud service.
Stuart use the agent to monitor everything in the DMZ. The agent will eliminate your need for a WMI credential and WinRM while streamlining along a single port. Unless you're using a separate credential for DMZ than you are for internal WMI then you are exposing your network. But if you really must use WMI then this is the article that you want to read:
Hi Matt,
The answer is subjective dependant on your environment. If a large majority of your equipment is sat inside the DMZ then it might make sense to have the main engine there. Don’t forget though that if you need to monitor anything outside of the DMZ you then need to create rules for that, and you could go down the agent route or the APE route. Also consider where your support staff will be accessing the system from as if they are outside the DMZ then you need to punch holes for web access, and then the mail server. As you can see there are many considerations.
Hi David,
Thank you for the response, its a great help.
Here at Tech Data we have a end user that asked this question yesterday so i thought i would do some research on it and see what the general feel was for setting it up this way.
I will be advising the end user to not do it this way.
Thanks again
Regards Mattt
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.