Zabbix Agent Installation on Pfsense

Zabbix Agent Installation on Pfsense

Jun 17, 2022 - 09:13
 0  957
Zabbix Agent Installation on Pfsense

Zabbix Agent Installation on Pfsense

Would you like to learn how to install the Zabbix agent on Pfsense? In this tutorial, we are going to show you all the steps required to perform the Zabbix agent installation on a Pfsense server in 5 minutes or less.

• Pfsense 2.4.4-p3

PFSense - Zabbix Agent Installation

Open a browser software, enter the IP address of your Pfsense firewall and access web interface.

In our example, the following URL was entered in the Browser:

• https://192.168.15.11

The Pfsense web interface should be presented.Pfsense login

On the prompt screen, enter the Pfsense Default Password login information.

• Username: admin
• Password: pfsense

After a successful login, you will be sent to the Pfsense Dashboard.Pfsense dashboard

Access the Pfsense System menu and select the Package manager option.pfsense package manager menu

On the package manager screen, access the Available packages tab.

On the Available packages tab, search for zabbix-agent and install the Zabbix agent package.

There are multiple agent versions available, make sure you select the same version of your Zabbix server.pfsense zabbix install

In our example, we have a Zabbix server version 4.2.6.

In our example, we installed the Zabbix agent package named: zabbix-agent42

Wait the Zabbix agent installation to finish.

Access the Pfsense Services menu and select the Zabbix Agent option.Pfsense configure zabbix agent

On the General tab, enable the Zabbix agent service and perform the following configuration:

• Server - The IP address of the Zabbix server
• ServerActive - The IP address of the Zabbix server
• Hostname - The hostname of the PFsense firewall
• Listen IP - Use 0.0.0.0 to listen on All IP addresses
• Listen Port - Zabbix agent default port 10050pfsense zabbix agent configuration

On the TLS-RELATED Parameters area, you need to perform the following configuration:

• TLS Connect - PSK
• TLS Accept - PSK
• TLS PSK IDENTITY - key-pfsense-01
• TLS PSK - fb6616cd582a2fa0aa161cab3423a9ca640c931b21c8c2e3b7132d6db75aadff (Create your own key)pfsense zabbix encryption

If you need help to create a PSK key, you may use websites like: https://www.browserling.com/tools/random-hex

After finishing the configuration, click on the Save button on the bottom part of the screen.

In our example, we used the following configuration:

• The Zabbix server has the IP address: 192.168.15.10.
• The PFSense firewall has the IP address: 192.168.15.11.
• The Pfsense firewall hostname is: PFSENSE-FIREWALL
• The PSK Identification key was named: key-pfsense-01
• The communication will be encrypted using the following key: fb6616cd582a2fa0aa161cab3423a9ca640c931b21c8c2e3b7132d6db75aadff

You have successfully installed the PFsense Zabbix agent.

PFSense - Zabbix Firewall Configuration

By default, the PFsense firewall does not allow external Zabbix connections to the WAN interface.

In our example we are going to create a firewall rule to allow the Zabbix communication.

Access the Pfsense Firewall menu and select the Rules option.pfsense firewall rule menu

Click on the Add button to add a rule to the Top of the list.pfsense add firewall rule

On the Firewall rule creation screen, perform the following configuration:

• Action - Pass
• Interface - WAN
• Address family - IPV4
• Protocol - TCPPfsense firewall zabbix

On the Source configuration screen, you need to define the Zabbix server IP address.

This IP address should be allowed to communicate with the Zabbix agent installed on the Pfsense firewall.

In our example, only the computer using the IP address 192.168.15.10 will be able to communicate with the PFsense Zabbix agent.pfsense snmp firewall source

On the Firewall destination screen, perform the following configuration:

• Destination - Wan address
• Destination port range- From (Other) 10050  to (Other) 10050pfsenze firewall zabbix port

On the Firewall Extra options screen, you may enter a description to the firewall rule.

Click on the Save button, you will be sent back to the Firewall configuration screen.

Now, you need to reload the firewall rules to apply the Zabbix communication firewall rule.

Click on the Apply changes button to reload the firewall configuration.Pfsense apply firewall rule

You have finished the PFsense firewall configuration to allow the Zabbix server communication using the WAN interface.

PFSense - Testing the Zabbix Agent Configuration

To test the Pfsense Zabbix agent configuration, access the command-line of your Zabbix server.

First, we need to create a file containing the PSK key for communication encryption.

Create a temporary PSK key file on the Zabbix server.

Insert the PSK Key previously defined inside this file.Copy to Clipboard1

touch /tmp/key-pfsense-01
vi /tmp/key-pfsense-01
fb6616cd582a2fa0aa161cab3423a9ca640c931b21c8c2e3b7132d6db75aadff

Use the following command to test the communication between the Zabbix server and the Zabbix agent.

If everything worked, the Zabbix agent should report the agent version installed on the Pfsense server.Copy to Clipboard1

zabbix_get -s 192.168.15.11 -k "agent.version" --tls-connect=psk --tls-psk-identity="key-pfsense-01" --tls-psk-file=/tmp/key-pfsense-01
4.2.1

Keep in mind that you need to change the Zabbix agent IP address, the PSK identification name and the PSK key value to reflect your environment.

You have successfully performed a communication test between the Zabbix server and the Zabbix agent installed on the Pfsense firewall.

like

dislike

love

funny

angry

sad

wow