There are two options available to monitor a SQL Server host located in the DMZ outside of an internal firewall.
- Install a Foglight Agent Manager in the DMZ and then have the FglAM communicate with the hosts also in the DMZ. A port would be required to be opened then from the Agent Manager back to the FMS (for example 8080, or 8443) to send the http data, as well as using an On-Demand Data Port (e.g. 3723/3235) for ad hoc queries, and a SQL PI repository port (5029).
- Allow the FglAM inside corporate network to communicate through the firewall to the hosts in the DMZ. In those situations, the DB server port (e.g. 1433) and the OS monitoring ports (e.g. WMI, or WinRM port 80, 443, etc) would be opened between in the DMZ firewall between the FglAM and the hosts. The FglAM and PI repository would then also communicate to each other inside the firewall.