This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Multi-IP security Gateway communication

gautier_begin
Advisor

‎18 Jan 2018 02:28 PM

Hello,

I have installed a Private Security Gateway having 2 different IP addresses mapped to 2 different hostname in a DMZ. By network design, the OneAgents behind this Gateway can only communicate with a single hostname/IP of this Gateway. The Gateway can only communicates with the Managed Cluster with one of its IP/hostname.

The issues I met:

- Very long time for OneAgents to be reconized by the Dynatrace Cluster because they test all the possible addresses of the infrastructure till one is working. I'm afraid the agents could renew this operation at a regular schedule.

- The Security Gateway is known in the Tenant with its "wrong" hostname.

- The Security Gateway tries to use the wrong IP or hostname to communicate with the Cluster.

What I tried without result:

- Installing the agent with the SERVER option containing only the good IP address of the

Private Security Gateway: At the first connection, the agent gets all the GWs and Cluster servers of the infra and try to use them.

- During the

Private Security Gateway installation, using the DNSENTRYPOINT argument with the good hostname or IP of the GW. The Gateway refuses to connect to the Cluster and then stops.

So my questions:

- How to oblige a Private Gateway to use an IP address and a hostname when 2 exists on the machine.

- How to oblige a OneAgent to use an IP address and a hostname when 2 exists on the machine.

- How to oblige a Private Gateway to communicate with a fixed set of GWs/Cluster Servers.

- How to oblige a OneAgent to communicate with a fixed set of GWs/Cluster Servers.

- What the argument DNSENTRYPOINT is done for.

Regards,

Labels:
0 Kudos
Reply
7 REPLIES 7

Zbigniew_Wroble
Dynatrace Helper
Dynatrace Helper

‎25 Jan 2018 08:50 AM

Hi,

Using DNSENTRYPOINT is a good idea. You can specify the parameter during installation or after that directly in file config.properies ( or custom.properties since SG 1.135) as dnsEntryPoint e.g.

[connectivity]
dnsEntryPoint= https://192.168.100.100:9999

, restart of SG is required.

You should do it on your private SG and on Managed Node.

About :"Private Security Gateway installation, using the DNSENTRYPOINT argument with the good hostname or IP of the GW. The Gateway refuses to connect to the Cluster and then stops."

This should not happen, please attach logs, we would like to look closer.

Regards,

0 Kudos
Reply

gautier_begin
Advisor

‎25 Jan 2018 12:43 PM

Hello,

Excuse me, that's a bit confusing, which address to put in whose config file ?

In the case I have one of these architectures

Cluster Node (Address A) <= Public Gateway (Address B) <= Private Gateway (Address C) <= Agent (Address D)

Cluster Node (Address A) <= Private Gateway (Address C) <= Agent (Address D)

Regards,

0 Kudos
Reply

Zbigniew_Wroble
Dynatrace Helper
Dynatrace Helper

‎25 Jan 2018 01:00 PM

When Private Gateway has 2 Addresses C1 and C2 and dnsEntryPoint=Address C1 then it will be known to other component only with Address C1

In your cases:

Cluster Node (dnsEntryPoint=Address A - in SG on Node) <= Public Gateway (dnsEntryPoint=Address B) <= Private Gateway (dnsEntryPoint=Address C) <= Agent (Address D)

Cluster Node (dnsEntryPoint=Address A - in SG on Node ) <= Private Gateway (dnsEntryPoint=Address C) <= Agent (Address D)

Regards

0 Kudos
Reply

pshinde
Inactive
In response to Zbigniew_Wroble

‎06 Apr 2018 11:33 AM

We have all the required communication from Security gateway server to managed 3 node cluster . But when we try to install the security gateway it is not able to connect to cluster . Both manage cluster server and Seucirty gateway server have multiple NIC. Kindly help how to solve this issue

0 Kudos
Reply

hmor3
Inactive

‎18 Mar 2018 02:57 PM

Hi Guys,

Is this dnsEntryPoint option available in oneagent config file as well?

Can I restrict my Oneagent to communicate via a fixed ip(out of multiple IPs on the Oneagent machine) ?

Thanks

Himanshu Mor

0 Kudos
Reply

himanshumor
Inactive

‎22 Mar 2018 10:39 AM

Hi Guys,

i can see below entry in ruxitagentnetwork.conf file in conf foldre of oneagetn installation directory

# The list of interfaces to sniff on, special value 'any' means all Ethernet interfaces.
# Default: any
#interfaces eth0

So by specifying specific interface , can i restrict my oneagent to send monitoring traffic over a specific inteface only like eth6 or etc??

Thanks

HM

0 Kudos
Reply

pshinde
Inactive
In response to himanshumor

‎06 Apr 2018 11:30 AM

We have all the required communication from Security gateway server to managed 3 node cluster . But when we try to install the security gateway it is not able to connect to cluster . Both manage cluster server and Seucirty gateway server have multiple NIC. Kindly help how to solve this issue

0 Kudos
Reply
Ask a question

Featured Posts