Hi. I have an Elastic Cloud 8.4 instance and I have to install an elastic-agent on a protected machine A that doesn't directly reach the internet but reaches another machine B that does.
So I have something like: A -> B -> Elastic Cloud 8.4
What I have done:
- Installed and configured Logstash on machine B to forward data from port 5044 to Elastic Cloud.
- Configured that Logstash instance as a possible output in Elastic Cloud.
- Installed an elastic-agent with the "Fleet Server" integration on machine B, and added its URL to the "Fleet server hosts" in Elastic Cloud.
- Created a fleet policy for machine A and selected Logstash as the default output.
The problem is that when I try to enroll the agent on machine A, even if I specify machine B's URL as fleet-server in the command, the agent tries to enroll directly to Elastic Cloud and fails.
Am I missing something? Is there a way to force machine A to pass through machine B for: enrollment, fleet management and data? Perhaps the only way is using a standalone agent.