Firewall issues

Background

If the Arellia Agent can pull policies from the Arellia Management Server but does not receive tasks sent from the server, the most likely cause is a firewall issue. The Arellia Agent listens on port 5593 for incoming tasks from the server. If you can't access https://FQDN.OF.AGENT:5593/ from a web browser, then there is a firewall issue. If you can access that URL (it will show a 404 response), then there is an issue with the Arellia Management Server not being able to reach the Agent. In that case, open the Arellia Monitor and review the log messages that are recorded when Arellia tries to send a task to the agent.

Solution

If you are using a third-party firewall, you'll need to configure an exception manually. Otherwise, check the following settings in Windows Firewall:

  1. Open Windows Firewall with Advanced Security on the Agent.
  2. Verify that a rule called Arellia Agent (SSTP-IN) has been created (this happens automatically when the Arellia Agent is installed).
  3. Right-click the Windows Firewall with Advanced Security tree node on the left-hand side.
  4. Select Properties, and then click the Customize button under Settings.
  5. If the Rule Merging section shows the Apply Local Firewall Rules setting as No, then that is the issue.
    1. This setting means that Windows Firewall is ignoring ALL local firewall rules and applying only the firewall rules received from the domain.
  6. To fix this, the Network team will need to copy the local Arellia Agent (SSTP-IN) rule and apply it to the entire domain.

 

As long as the firewall is configured correctly and the Arellia Agent service is running, the server should be able to push tasks to agents on the same network.
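
The same checks can be scripted. The following PowerShell is an added example, not part of the original article or of Arellia's tooling; it assumes the rule's display name is exactly Arellia Agent (SSTP-IN) and that the Agent listens on TCP 5593 as stated above, and it uses only the built-in NetSecurity and NetTCPIP cmdlets.

```powershell
# Added example: run in an elevated PowerShell session on the Agent machine.
$ruleName = 'Arellia Agent (SSTP-IN)'   # rule name as given in this article
$port     = 5593                        # Agent task port as given in this article

# Step 2: is the rule present in the local (persistent) store, and is it enabled?
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    Write-Warning "Local rule '$ruleName' not found. Reinstall or repair the Agent."
} else {
    $rule | Select-Object DisplayName, Enabled, Direction, Action | Format-Table -AutoSize
    $rule | Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort | Format-Table -AutoSize
}

# Steps 3-5: effective "Apply local firewall rules" setting for each profile.
# ActiveStore is the merged result of local policy and Group Policy.
$blocked = @()
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    '{0,-8} Enabled={1,-5} AllowLocalFirewallRules={2}' -f `
        $p.Name, $p.Enabled, $p.AllowLocalFirewallRules
    if ($p.AllowLocalFirewallRules -eq 'False') { $blocked += $p.Name }
}
if ($blocked) {
    Write-Warning ("Local rules are ignored on profile(s): {0}. " -f ($blocked -join ', ') +
        "The '$ruleName' rule must be delivered through domain policy (step 6).")
}

# Is the rule in the set of rules that is actually being enforced?
$active = Get-NetFirewallRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq $ruleName -and $_.Enabled -eq 'True' }
if (-not $active) {
    Write-Warning "'$ruleName' is not in the active rule set; inbound tasks will be dropped."
}

# Is anything listening on the task port (that is, is the Agent service running)?
$listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    $listener | Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } } |
        Format-Table -AutoSize
} else {
    Write-Warning "Nothing is listening on TCP $port. Check the Arellia Agent service."
}

# From the Arellia Management Server, confirm the port is reachable
# (FQDN.OF.AGENT is the placeholder used in this article):
#   Test-NetConnection -ComputerName 'FQDN.OF.AGENT' -Port 5593
```

A listener on the Agent combined with `TcpTestSucceeded : False` from the server points at the firewall path; if both succeed, continue with the Arellia Monitor logs as described in the Background section.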