As I got to know from support that, the communication between ActiveGate and DT SaaS, and OneAgent to ActiveGate should be bi-directional however, arrows in following diagram shown uni-directional (one direction).
Is it the case that, just to seek configuration of ActiveGate (first time connection), communication from DT SaaS to ActiveGate over 443 is also needed? It is the same case for ActiveGate to OneAgent for 9999 port?
And as this connection is just one time connection hence arrows are shown in one direction in documentation?
Can someone throw some light on this please.
Solved! Go to Solution.
It is actually all uni-directional: from the OneAgent to the ActiveGate to the Cluster Nodes.
Below are some links that might help:
Thanks for your reply @dave_mauney,
However, I was informed by support that, bi-directional communication is required here.
Following were the further words from support,
Outgoing rule for port 443 is required for the ActiveGate to communicate with the cluster. The incoming rule is set on our (dynatrace) end for inbound requests on the cluster.
The incoming port that the ActiveGate will use for inbound communication is going to be determined automatically during the TCP handshake, and does not need to a inbound rule created on your firewall.
Conclusion here is,
Communication between AG and DT SaaS is technically bi-directional however, while raising a firewall request (with internal network team) for ActiveGate it is always outbound. We don't need to take care of any incoming connection or request.