FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
RV2
Staff
Staff
Article Id 335609
Description This article describes how to allow monitoring traffic between agents and the Zabbix server to pass through FortiGate.
Scope FortiGate.
Solution

Zabbix uses two different ports, depending on if it is performing a passive check or an active check.

 

  1. Passive Check.

 

In the case of a passive agent scenario, traffic is sent from the server to the agent via port 10050.

 

In the following scenario, the agents are located in the LAN network and the server on DMZ.

 

First you, create a specific service for port 10050/TCP protocol as shown below:

 zabbix passive.PNG

 

After that, use the service to allow the traffic via the following policy:

 

zabbix policy.PNG

 
  1. Active Check.

 

In an active agent scenario, all data processing is performed on the agent which is pushing the traffic to the server via port 10051/TCP protocol.

For this scenario, it is necessary to create a specific service for port 10051/TCP protocol, as shown below:

 Zabbix active.PNG

 

 After that, use the service to allow the traffic via the following policy:

 

zabbix policy2.PNG

 

Contributors