Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-9929

Secure Remote Access to Device Web Interface via Zabbix Frontend (Through Server or Proxy)

XMLWordPrintable

    • Icon: New Feature Request New Feature Request
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • None
    • None
    • None

      A customer has requested the ability to access a monitored host’s web-based management interface directly from the Zabbix frontend, with the connection being established from the Zabbix server or proxy - not the end-user’s browser. This feature is a mandatory requirement for their network monitoring solution.

       

      Use Case & Problem

      Many network devices (switches, routers, appliances) offer web interfaces for configuration and monitoring. However, in secured or segmented networks, end-users using the Zabbix frontend do not have direct network access to the monitored devices. Instead, only the Zabbix server or Zabbix proxy can reach those devices.

      Currently, Zabbix provides limited host-level tools such as ping or traceroute from the frontend using the Zabbix server. However, there is no built-in method to remotely access a host’s web interface using Zabbix’s privileged network location (Zabbix server/proxy) as a relay/tunnel.

       

      The requested feature is to enable secure, proxied access to a monitored host’s web UI, through the Zabbix frontend, with the following requirements:

      Functional Requirements

      1. Access Web UI of Host via Zabbix Frontend:

      • From Monitoring → Hosts or the host dashboard, an action or tab is available to “Open Web Interface”.
      • The connection should not come from the user’s browser to the target device directly.

      2. Relay Through Zabbix Server or Proxy:

      • The Zabbix server/proxy acts as an intermediate that connects to the web interface of the device.
      • This handles cases where Zabbix frontend users cannot reach the monitored device directly due to network restrictions.

      3. Secure Tunnel or Web Proxy:

      • The dialog/window shown in the Zabbix frontend uses a secure reverse proxy or tunneling mechanism.
      • Web UI content is rendered within the Zabbix UI, fetched securely via the server/proxy.

      4. Integration Location:

      • Ideally exposed similarly to how ping and traceroute are available (e.g., host tools).
      • Can also be shown as a new tab in the host dashboard, labeled e.g., “Web Access” or “Device UI”.

      5. Security Considerations:

      • The system should allow or limit access based on Zabbix permissions.
      • Optional access control and audit logging of when and by whom such access was used.

            zabbix.dev Zabbix Development Team
            pzakrzewski Piotr Zakrzewski
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: