How to set up Wazuh agent in a restricted zone


Eric

Jun 18, 2021, 2:12:15 AM
to Wazuh mailing list
Hi everyone, 

I have some servers in a restricted zone. It's a database layer, since it doesn't allow communication with the internet. So my question is: how do I set up the Wazuh agent on the database in a restricted zone so that it can still communicate with the Wazuh manager and send data in near real time through an encrypted and authenticated channel?

My environment: Distributed deployment

  • Wazuh Server version: 4.1.5 (App revision: 4101-3)
  • Wazuh agents: 4.1.4 (all affected)
  • ES 7.10.0 (Opendistro)
  • Server: Ubuntu 18.04 LTS, 4 vCPU, 18 GB RAM.
  • Wazuh Cluster, Elastic Cluster.
  • NGINX Load balancer

Regards,


Sandra Ocando

Jun 21, 2021, 8:03:41 AM
to Eric, Wazuh mailing list
Hello Eric,

You may configure the Wazuh agents to communicate directly with a proxy instead of the manager. Information on distributing agent connectivity with a manager using NGINX can be found here: https://documentation.wazuh.com/current/user-manual/configuring-cluster/advanced-settings.html

You may install the Wazuh agents by provisioning the installers found here for the various OS: https://documentation.wazuh.com/current/installation-guide/packages-list.html

Please let us know if you have any other questions.

Best regards,
Sandra.


Eric

Jun 21, 2021, 11:09:26 AM
to Sandra Ocando, Wazuh mailing list
Hello Sandra,

Thank you for your email.

I am a little bit confused about your answer. Do you mean I should put a proxy in the DMZ to communicate directly with the Wazuh agents in the restricted zone? Is this correct?

In the previous email, I did not point out my case. Please allow me to explain this case in more detail so that you can suggest a solution.

My company has two branches. In one, the Wazuh Cluster, Elastic Cluster and NGINX Load Balancer are hosted in N. Virginia. The other has the database hosted in Ohio, in which I need to set up a Wazuh agent on the database in its restricted zone. I did not understand your solution in the previous email.


Sandra Ocando

Jun 22, 2021, 6:16:08 AM
to Eric, Wazuh mailing list
Hello Eric,

You can use an intermediary between your DMZ and your Wazuh manager, for example, nginx. The Wazuh agents in the DMZ can be pointed to nginx, and nginx can be configured to resend all logs received on port 1514 to the Wazuh manager. That way you can monitor your air-gapped environment.

In this link you can find how to configure the agents as well as nginx: https://documentation.wazuh.com/current/user-manual/configuring-cluster/advanced-settings.html

Best regards,
Sandra.
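
The relay described in the reply above, sketched as an nginx stream configuration. This is an added example, not part of the thread or taken from the posters' systems; every value in angle brackets is a placeholder, and the upstream names, the source allow-list and the 1515 enrollment listener (the default enrollment port) are assumptions beyond what the thread states.

```nginx
# Added example: nginx as a layer-4 (stream) relay for Wazuh agents.
# The stream block goes at the top level of nginx.conf, not inside http {}.
# In stream mode nginx relays the agent's TCP stream as-is; it does not
# terminate or decrypt the agent-to-manager protocol.
stream {
    # Agent event traffic (TCP 1514) spread across the manager cluster.
    # Hashing on the client address keeps each agent on the same node.
    upstream wazuh_events {
        hash $remote_addr consistent;
        server <WAZUH_MASTER_IP>:1514;
        server <WAZUH_WORKER_IP>:1514;
    }

    # Agent enrollment (TCP 1515) is sent to the master node only.
    upstream wazuh_enrollment {
        server <WAZUH_MASTER_IP>:1515;
    }

    server {
        listen 1514;
        # Accept connections only from the restricted zone's address range.
        allow <RESTRICTED_ZONE_CIDR>;
        deny all;
        proxy_pass wazuh_events;
    }

    server {
        listen 1515;
        allow <RESTRICTED_ZONE_CIDR>;
        deny all;
        proxy_pass wazuh_enrollment;
    }
}

# Agent side (ossec.conf on the database host): set the <address> element under
# <client><server> to this relay's address, with port 1514 and protocol tcp.
```

With this layout the restricted zone's firewall only has to permit outbound TCP 1514 and 1515 from the database hosts to the relay address; no inbound rule toward the database layer is needed.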