In segmented network environments, not all devices can reach the GLPI server directly. The GLPI Agent proxy mode solves this with an intermediary agent.
When to use a proxy
- Branch offices without a direct VPN to the data center
- Isolated networks (DMZ, OT/ICS, laboratory)
- Environments with restrictive firewalls (only HTTP/HTTPS egress)
- Remote sites with unstable links
Architecture
[Network A Devices] → [GLPI Agent Proxy A] → [Internet/VPN] → [GLPI Server]
[Network B Devices] → [GLPI Agent Proxy B] → [Internet/VPN] → [GLPI Server]Each network has a proxy agent. Devices on the network send their inventory to the local proxy. The proxy consolidates and sends it to GLPI.
Configuration
Proxy agent
glpi-agent --server https://glpi.suaempresa.com --httpd-trust 192.168.1.0/24 --listenLocal agents
glpi-agent --server http://proxy-local:62354Best practices
- Use HTTPS between the proxy and the GLPI server
- Restrict --httpd-trust to the local network range
- Configure redundancy: two proxies per critical network
- Monitor the proxy with Zabbix or similar
