Check windows agent behind firewall

Hello,
I’m trying to check a windows agent behind a firewall. It’s able to connect from master to client on port 5665. If I want to install the icinga agent on the windows machine it want to connect on 5665 to the master for certificates. But the firewall blocks the connection from agent to server on this port.

Any hints or help?

Thanks.
Picard

It doesn’t matter who is initiating the connection, so use the direction which in functioning in your case.

Hello,
I’m trying to check a windows agent behind a firewall. It’s able to connect
from master to client on port 5665.

I’m assuming “client” here means the agent performing the service check?

So, you’re saying that the Icinga master can connect to the Icinga agent -
good.

If I want to install the icinga agent on the windows machine

Er, where is it installed now?

it want to connect on 5665 to the master for certificates.

That is one way of doing it, biut not the only way.

But the firewall blocks the connection from agent to server on this port.

Any hints or help?

See https://icinga.com/docs/icinga2/latest/doc/06-distributed-monitoring/
#manual-certificate-creation

Antony.

Thank you all for help.

I could put it into practice. I did some tiny mistakes. The greatest mistake I made was to forgotten to sign the certificate on the master side. A look on master with “icinga2 ca list” help to understand the matter.
Normally I work with the kickstartscript over the director.