Proxying Wazuh agent and server


ShtrudelMan

May 14, 2024, 9:45:11 AM
to Wazuh | Mailing List
Colleagues!
Good afternoon everyone!
I came across the need to establish a connection between the agent and the Wazuh server. But there is a nuance!
I have two servers for tests. I installed Wazuh agents on both servers. Both servers are Debian 11.
But in the test environment, these servers are connected to my Wazuh server through a router. Moreover, server No. 1 is connected via network card No. 1 to the router directly, and server No. 2 is connected to server No. 1 through separate network cards, both on server No. 1 and on server No. 2.
Do you have a solution that would be safe from the point of view of proxying data through server No. 1?
I am attaching a diagram for connecting the servers. It is impossible to change the scheme or connections from the point of view of infrastructure security.
Server No. 2 only has a link to server No. 1 and server No. 2 does not have access to the network through server No. 1.
pic1.png

Damian Nicastro

May 14, 2024, 12:30:06 PM
to Wazuh | Mailing List
Hello StrudelMan:

I hope you are fine.
From the Wazuh point of view, the server PKI-DB needs to have IP visibility to the wazuh-manager and also have TCP ports 1514 and 1515 for wazuh-agent registration and communication.
You can have more details in the Wazuh architecture in the following document:

Regarding how to proxy the traffic from server PKI-DB to the wazuh-manager machine and vice versa, it will entirely depend on your network card configuration. There is no extra configuration needed on the Wazuh side.
For instance, you can solve it by making a bridge between both interfaces like in this example:
But other alternatives to forward the traffic to a specific IP using "IPTABLES" or other network applications are also possible:

I hope this helps.
Thanks
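
The iptables alternative mentioned in the reply above, as an added example that is not part of the original thread: a sketch for server No. 1 that relays only TCP 1514 and 1515 from server No. 2 to the Wazuh manager and routes nothing else arriving on that link. The interface names and IP addresses are constructed placeholders, and the agent on server No. 2 is assumed to use server No. 1's internal address as its manager address.

```shell
#!/bin/sh
# Added example, not from the thread. All values below are constructed
# placeholders; replace them with the real addresses and interface names.
AGENT_IP="10.10.10.2"       # server No. 2 (agent on the isolated link)
RELAY_IN_IF="eth1"          # server No. 1 NIC facing server No. 2
RELAY_OUT_IF="eth0"         # server No. 1 NIC facing the router
MANAGER_IP="192.168.1.50"   # Wazuh manager

# Print an iptables-restore ruleset that relays only the two agent ports.
render_rules() {
    echo "*nat"
    for port in 1514 1515; do
        echo "-A PREROUTING -i $RELAY_IN_IF -s $AGENT_IP -p tcp --dport $port -j DNAT --to-destination $MANAGER_IP:$port"
    done
    # Rewrite the source so the manager's replies return through server No. 1.
    echo "-A POSTROUTING -o $RELAY_OUT_IF -s $AGENT_IP -d $MANAGER_IP -p tcp -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in 1514 1515; do
        # After DNAT the destination is already the manager address.
        echo "-A FORWARD -i $RELAY_IN_IF -o $RELAY_OUT_IF -s $AGENT_IP -d $MANAGER_IP -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else arriving from the isolated link is not routed onward.
    echo "-A FORWARD -i $RELAY_IN_IF -j DROP"
    echo "COMMIT"
}

# Apply on server No. 1 (needs root): enable routing, then append the rules
# to the existing ruleset without flushing it.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 &&
    render_rules | iptables-restore --noflush
}

# With no argument the script does nothing; "print" shows the ruleset for
# review and "apply" installs it.
case "${1:-}" in
    print) render_rules ;;
    apply) apply_rules ;;
esac
```

Because the rules are appended, an earlier DROP or REJECT already present in the FORWARD chain would still take precedence, so review the existing ruleset before applying.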

ShtrudelMan

May 29, 2024, 10:40:01 AM
to Wazuh | Mailing List
Good afternoon colleagues!
Can the Wazuh platform work with software such as TSOCKS?
I need to forward traffic from a closed network to an open network. And where can I configure agents to forward their traffic through an intermediary node?
Is this functionality supported at all?
Or do I need to manually configure the mediator node to forward traffic between nodes?
Will the example on your site at this link work in this case: https://documentation.wazuh.com/current/cloud-service/your-environment/agents-without-internet.html ?

On Tuesday, May 14, 2024 at 19:30:06 UTC+3, Damian Nicastro wrote: