Overview
This article covers the GFI LanGuard Agent Relay component. After reviewing this article, you will:
- Become familiar with Relay Agents.
- Learn about relay caching.
- Be able to identify and troubleshoot common issues encountered when using Relay Agents.
Introduction
In larger networks, customers may experience increased network bandwidth use due to the amount of data transferred from the GFI LanGuard server to managed computers. The data consists of definition updates delivered to Agent computers and of patches being deployed to target computers.
GFI LanGuard is designed to spread out the network traffic by configuring Agents as a relay of the server. Computers configured as Relay Agents download patches and definitions directly from the LanGuard server or upstream Relay and serve them to client computers. The main advantages of using Relay Agents are:
- Reduced bandwidth consumption in local or geographically distributed networks. If a Relay Agent is configured on each site, a patch is only downloaded once and distributed to client computers
- Reduced hardware load from the GFI LanGuard server component and distributed amongst relay agents
- Using multiple Relay Agents increases the number of devices that can be protected simultaneously.
Note that it is possible to have cascading Relay Agents. It is recommended to keep the number of computers and agents directly connected to the GFI LanGuard server or to one Relay Agent below 100.
Description
System Requirements for the Relay Agent
Computers running Relay Agents must meet the system and environmental requirements for performance reasons.
Relay Agents Deployment and Configuring
Actually, Relay Agents are not deployed. Rather the devices that have the LanGuard Agent installed can be promoted to Relay Agents. This is done from within GFI LanGuard, refer to Configuring Relay Agents for more information.
Relay Agent as a usual agent can download updates from the LanGuard server or from another relay. The last case is named a cascading relay.
How to connect computers to a Relay, to set up Relay Agent port, the cache directory, and other parameters, is covered by the Configuring Relay Agents article.
Relay Agent Caching
Relay Agents are acting as caching points. If the computer is assigned a Relay Agent, the agent doing the update or PatchAgent working on remediation will request the files from the Relay Agent. If the Relay Agent has the file already in its cache, it will deliver the update file. If not, it will request it from the GFI LanGuard server or upstream relay, and once retrieved, add the file to its relay cache.
Like the main LanGuard server, Relay Agent cache files in a particular cache folder and configure Apache HTTPD for process requests. Languard uses Apache Module mod_cache for caching. LanGuard sets the configured cache folder in C:\ProgramData\GFI\LanGuard 12\HttpdConfig\product\cache.conf
on start Apache Httpd server.
Relay Agent cache folder is specified in the C:\ProgramData\GFI\LanGuard 12\toolcfg_relay.xml
. Default relay cache folder is C:\ProgramData\GFI\LanGuard 12\RelayCache\
.
Relay Agents Troubleshooting
Since Relay Agent is just the role of a regular Agent all the relevant agent troubleshooting applies here. Below will be covered the issues and troubleshooting related to the communications, relaying, and caching functions.
Agent Diagnostics Tool
The GFI LanGuard Agent Diagnostics tool is designed to assist users in case of technical issues related to GFI LanGuard. Through this tool, you can verify agent connectivity, view error messages, and obtain a summary with all the relevant state information about the Agent/Relay Agent.
In the LanGuard server console Dashboard > Overview > Agent Status you can see the diagnostic information about the agent status.
Clicking on the Agent Diagnostics link launches a new GUI which displays the progress and results of an agent diagnostic operation. The Agent Diagnostics Tool retrieves all the information required to solve common issues - verifies connectivity to/from the agent, provides helpful error messages when needed, and also displays a summary at the end containing relevant state information about the agent.
These are the communication checks LanGuard performs on the agents:
- Ping check: An ICMP echo request is sent to the target machine to determine if the machine is switched on.
- Authentication check: Validates the credentials supplied on the target machine or service account in order to verify that we have enough privileges.
- Remote registry check: Verifies that we have proper read access to the remote registry.
- Agent Service status: Checks the status of the GFI LanGuard 12 Attendant Service.
- File and Sharing Server check: Verifies that we have at least write and list permissions to the Admin Shares.
- Agent communication: Checks that the port TCP 1072 is open between the LanGuard server and the clients.
If all of the checks pass Agent Diagnostic collects troubleshooting data and imports it to the %DataFolder%\Servers\{SERVER UID} directory on the Server. If there are communication errors between Server and Agent, the troubleshooter archive is created on the Agent %AgentDataFolder%\Servers\{SERVER UID} folder.
If the remote registry check fails all the next steps fail and the troubleshooter archive is not generated.
Relay Agent Related Heath Errors
The Agent Heath pane displays any error encountered by Agents and Relay Agents.
The following types of errors can be encountered:
The Agent cannot connect to Server via Relay
These errors occur when an Agent cannot connect to a Relay.
Possible reasons:
- The Relay is offline
- A firewall on the Relay or on the route is blocking the Agent access
- The Agent is in another subnet
Relay is offline
These errors occur when LanGuard Server is unable to contact a Relay.
Possible reasons:
- The Relay is offline
- ICMP Echo is disabled on the relay
- A firewall on the relay, or somewhere in between, is blocking the access
Relay functionality errors
These errors occur when a relay agent cannot function according to its specifications and settings.
Possible reasons:
- Invalid cache folder
- Not enough disk space for caching
- A firewall blocking Apache
- Other Apache errors
Common Issues
Health errors listed above cover practically all the issues with Relays. As you can see, all of them are communications/availability or cache related. Troubleshooting is covered by the public Why are the Machines not able to Get Updates and Download Patches through the Agent Relay? article.
It is important to realize that in case the Relay Agent is offline or switched off, the Agents trying to update will just shrug and move on with the scanning job, while the PatchAgent will fail to get the patches, thereby stopping the related remediation tasks. There is no fault tolerance and the computer will simply not be remediated until its assigned Relay is back online or another Relay is configured.
The file requests can be seen in the Relay Agent %AgentData%\DebugLogs\HTTPD\access.log
. If the relay has to request the file from the LanGuard server, you can view the requests in the Server’s access logs (debug does not have to be enabled).
Another periodic question arising is regarding the Apache vulnerabilities and it is covered by the article LanGuard Apache web server is outdated or has security vulnerabilities reported.
<supportagent>
Ticket Examples
- https://central-supportdesk.zendesk.com/agent/tickets/2390370
- https://central-supportdesk.zendesk.com/agent/tickets/1938248
</supportagent>