Monitoring Agent Modes
- What is the differences between the three agent modes
- Which agent mode to use with your agents
What you are going to learn:
The monitoring agents can be configured in three different agent modes, which will be described in this article. The agent mode will identify which agent will initiate the Network Monitoring Session and which one will accept the incoming connection.
In this mode, the agent will always initiate the connection to the server. This agent mode is usually used for the spokes in a Hub & Spoke network architecture. It is also used for remote workers monitoring agents in the work-from-home scenarios. By default, Notifications are disabled when a new client agent is created. This can be changed after the creation in Agent Settings. Two client agents cannot have a monitoring session together because neither of them are considered servers that can accept the connection.
If a firewall is restricting the outbound connections, some ports must be opened. Learn more in the Firewall Configurations article.
The private server agent mode is used for agents that can accept connections within the same private network. So if two agents can communicate with private IPs, they should be in the same Network, and if at least one of them is a server, the monitoring session will be created. This is the case for private networks using VPNs such as MPLS, DMVPN or SD-WAN.
It is important to understand that an agent configured with the private server mode can also act as a client. So if a Network Monitoring Template creates a session between two servers, it will work and the client for that session will be selected using the Client Selection Algorithm. The private server agent listens on the UDP port defined in the Agent Settings Incoming TCP/UDP Port
(by default 23999
). If a firewall is facing the private server, it must allow incoming connections from private IPs on that port (more on Firewall Configuration).
The private Internet server agent mode is used to accept connections from agents using their public IP address. This server is private because only the organization can use it but it accepts connections from the Internet, which is why it's called Private Internet Server.
It is important to understand that an agent configured with the private Internet server mode can also act as a client. So if a Network Monitoring Template creates a session between two servers, it will work and the client for that session will be selected using the Client Selection Algorithm. The private Internet server agent listens on the UDP port defined in the Agent Settings Incoming TCP/UDP Port
(by default 23999
). If a firewall is facing the private server, it must allow incoming connections from private IPs on that port (more on Firewall Configuration).
Note: If the public IP address obtained automatically by the Obkio agent isn't the one wanted, for example because a firewall is NATing traffic towards Internet on a pool of public IPs, the public IP of an Obkio agent with the Private Internet Server mode can be forced for the user by Obkio. Contact Obkio support to get assistance with this feature!