Rapid7 Agent are not communicating with R7 collector and it is facing some communication issues even after require ports are open on firewall .
Thanks for reaching out. This is something our support team can best assist you with by reaching out at: https://r7support.force.com/
I did raised case they just provide me the KB article,I would need some one need to really help
In order to put us in a better position to assist, can you please clarify which Rapid7 solution you are referring to? I suspect it is InsightIDR, but at the same time it is possible for InsightVM customers to have agents deployed with the desired goal of having the assets with agents installed reporting into a collector.
In the meantime, if I assume that you are referring to InsightIDR, can you help me understand what you are seeing (or not seeing), and why you feel that these agents are not reporting into a certain collector? For context, the agents can report directly into the Insight Platform OR any collector that you have deployed. When it is time for the agents to check in, they run an algorithm to determine the fastest route. And so it could just be that these agents are reporting directly into the Insight Platform.
If you review the help link below, it outlines the networking requirements needed for the agent to report into the Insight Platform and also the requirements needed for the agent to report into any collectors you have deployed:
I know that you said you have made the proper firewall rule changes, but can you just double check this page and confirm? Assuming you have made the proper changes, this brings me back to my original question - can you help me understand what you are seeing (or not seeing), and why you feel that these agents are not reporting into a certain collector?
Hi! I have a similar challenge for some of my assets.
I am using InsightVM and after allowing the assets to reach the Collector having opened the ports, It fails during installation. See the attached image.
Note: the asset is not allowed to access the internet. Neither is it on the domain but it’s allowed to reach the collector.
I also have had lots of trouble trying to deploy those agents. Of course, assets cannot be allowed to communicate directly with the platform, traffic has to go through a proxy. I think this is still state of the art in most organizations. To cut a long story short here’s how we finally succeeded:
Token-based Installation fails via our proxy (a bluecoat box) and via Collector. The installer keeps ignoring the proxy and tries to communicate directly.
Certificate-based installation fails via our proxy but succeeds via Collector:8037. To mass deploy on windows clients we use the silent install option:
msiexec /i agentInstaller-x86_64.msi HTTPSPROXY=<hostname|ip_address>:8037 /quiet
Note that the installer has to be invoked in the same directory where the config files and the certs reside.
Also the collector - at least in our case - has to be able to communicate directly to the platform. With Linux boxes it works accordingly.
Hope that helps.
youll need to make sure agent service is running on the asset. Then youll want to go check the system running the data collection. I had to manually go start that service. it needs to be symlinked in order to enable the collector on startup.
hope this helps.
forgot to mention - not all agented assets will be going through the proxy with the collector. I look at it as an assessment of how to bring agent data to the cloud platform most efficiently.