Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace Architecture with reverse NAT ?

DynaMight Guru
DynaMight Guru

In an Organization where one wants to install OneAgents & ActiveGates, but with the following restrictions:

  • Proxy is unreliable
  • There is no DNS resolving for public Internet DNS names
  • There is no routing for Internet IP addresses
  • There is the possibility of reverse NAT

What are the best options?

The reverse NAT works OK with AGs, but there is a limitation: given no DNS resolution, address translation has to be done with host files. But host files have only one IP for DNS name, so tenant name can only be translated to one reverse NAT IP. This might be a limitation if the IP address of the DNS Dynatrace cluster eventually once fails....

Are there other options?

Antonio Sousa

DynaMight Legend
DynaMight Legend

I never needed to play with this, but what I would try is to configure ActiveGates to supply the custom DNS name in the connection info for the OneAgents:

dnsEntryPoint =

This ensures this endpoint will be propagated internally to ActiveGates.

For the ActiveGate itself, you need to ignore the server-provided info and supply it manually, see Configure ActiveGate to use reverse proxy or load balancer
By using this, you can configure the ActiveGate to connect to your defined addresses - whether you use reverse proxy or reverse NAT this will work.

Will this solve the issue?

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner


At the moment, I'm concerned with the communication between the ActiveGates and the Dynatrace SaaS cluster. Inside, communication is not problematic.

With reverse NAT, I can fix an internal IP for each of the SaaS cluster IPs, and with your suggestion I can eventually drop the hosts file and have multiple endpoints, which with the hosts file was more difficult. Seems a very good suggestion to me 😃 Let me test it, and will be back with the results :dynaspin:

Antonio Sousa

Featured Posts