Set up an over-firewall deployment

This task describes how to configure the over-firewall system.

  1. Prerequisites.

    Make sure you have installed the necessary components as described in the first step of Set up your system over firewalls.

  2. Set up your deployment (TCP or TCP over proxy).

    To run Vusers or monitor servers over the firewall, configure your system according to one of the following configurations. Note that these configurations contain a firewall on each LAN. There may also be configurations where there is a firewall for the Over-Firewall LAN only.

    • TCP configuration

      The TCP configuration requires every LoadRunner Agent machine behind the customer's firewall to be allowed to open a port in the firewall for outgoing communication.

    • TCP over proxy

      In the TCP over proxy configuration, only one machine (the proxy server) is allowed to open a port in the firewall. Therefore, it is necessary to tunnel all outgoing communications through the proxy server. A proxy server is required to support HTTP tunneling using the CONNECT method.

    • Tip: The LoadRunner standalone load generator and standalone monitor over firewall (MOFW SA) cannot be installed on the same machine.

      However, the standalone load generator can be used for monitoring purposes, the same way as the MOFW SA.

      A single machine cannot be used simultaneously for both running Vusers and monitoring.

  3. Configure the firewall to allow agent access.

    Modify your firewall settings to enable communication between the machines inside the firewall and machines outside the firewall.

    1. If your system has a TCP configuration:

      The LoadRunner Agent attempts to establish a connection with the MI Listener using port 443, at intervals specified in the Connection Timeout field in the Agent Configuration dialog box.

      To enable this connection, allow an outgoing connection on the firewall for port 443. The agent can then connect to the MI Listener, and the MI Listener can connect back to the agent.

      From this point on, the agent listens to commands from the MI Listener.

    2. If your system has a TCP over proxy configuration:

      The LoadRunner Agent attempts to establish a connection with the MI Listener, using the proxy port specified in the Proxy Port field, and at intervals specified in the Connection Timeout field in the Agent Configuration dialog box. When the connection is established, the proxy server connects to the MI Listener.

      To enable this connection, allow an outgoing connection on the firewall for port 443. The proxy server can then connect to the MI Listener, and the MI Listener can connect back to the agent through the proxy server.

      From this point on, the agent listens to commands from the MI Listener.

    3. If you intend to start the LR Agent service from the Local System account, you need to grant it permissions:

      1. Add a local user on the AUT machine with the same name and password as the local user on the Agent machine.
      2. Add the AUT local user to the Performance Monitor Users group.
      3. Restart the Agent process.

      Note: If you do not provide permissions, the monitor graph does not display any data.

  4. Configure the MI Listener.

    To enable running Vusers or monitoring over a firewall, you need to install the MI Listener on one or more machines in the same LAN as the Controller outside the firewall. For installation instructions, see Additional components and applications.

    Note:

    • The Controller installation automatically includes the MI Listener, so you can designate Controller as the MI Listener machine.
    • The MI Listener can only be installed on Windows machines.

    For information on how to configure the MI Listener, see MI Listener Configuration dialog box.
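
To confirm the firewall rule from step 3 before starting the agent, the following added example (not part of the product or its documentation) checks both paths from an agent machine: a direct outgoing TCP connection to the MI Listener on port 443, and a tunnel request through a proxy using the CONNECT method. The host names and the proxy port 8080 are placeholders to replace with your own values.

```python
import socket

def build_connect_request(host: str, port: int) -> bytes:
    """HTTP CONNECT request asking the proxy to tunnel to host:port."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def parse_status(head: bytes) -> int:
    """Return the status code from the proxy's status line, or 0 if malformed."""
    parts = head.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return 0

def check_direct(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """TCP configuration: can this machine open an outgoing connection?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or name resolution failure
        return False

def check_via_proxy(proxy_host: str, proxy_port: int, host: str,
                    port: int = 443, timeout: float = 5.0) -> int:
    """TCP over proxy: return the proxy's CONNECT status (2xx means the
    tunnel was opened), or 0 if the proxy could not be reached."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(build_connect_request(host, port))
            head = b""
            # Read only the response header; cap it so a bad peer cannot stall us.
            while b"\r\n\r\n" not in head and len(head) < 8192:
                chunk = s.recv(1024)
                if not chunk:
                    break
                head += chunk
            return parse_status(head)
    except OSError:
        return 0

if __name__ == "__main__":
    # Placeholder names (assumptions): substitute your MI Listener and proxy.
    mi_listener = "mi-listener.example.com"
    print("direct 443:", check_direct(mi_listener))
    print("via proxy :", check_via_proxy("proxy.example.com", 8080, mi_listener))
```

A status such as 403 or 407 from the proxy means it is reachable but refuses or requires authentication for the tunnel, which is a proxy policy issue rather than a firewall one.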
