VMware Cloud Community
sxnxr
Commander

Firewall Ports for remote collectors

We have deployed a vROps 6.6.1 RC into our PCI environment and opened all the required ports from a vROps point of view, and all is working well. As part of deploying vROps we also updated the vRLI agent on each node to 4.5 and configured the .ini file.

According to the VMware Documentation Library and Log Insight: Port Requirements - SFlanders.net, I have worked out that I need the ports below, one way, for the agent to send the logs to Log Insight:

Source                        Destination                     Port  Protocol  Description
vRealize Log Insight Agents   vRealize Log Insight appliance  9000  TCP       Log Insight Ingestion API
vRealize Log Insight Agents   vRealize Log Insight appliance  9543  TCP       Log Insight Ingestion API over SSL

The question I have is: how does Log Insight auto-update the agents if there is no port requirement to go from vRLI to the agents?

Thanks in advance

12 Replies
daphnissov
Immortal

There is a separate daemon which is the update service and responsible for fetching the updated binaries and installing them. To my knowledge, this just uses the same port 9000, but you do need to check or add the setting in the INI file to allow auto-updates to occur.

admin
Immortal

The existing agent installation polls the Log Insight server (on the same port 9000 or 9543) periodically for new versions of itself. The server does not push new agent bits unaided. Connections are always agent-to-server.

sxnxr
Commander

I still don't understand how the agent gets to the remote collector. In Log Insight you can set auto-update agent. How do the update files get from the Log Insight server to the target server if there is a one-way firewall rule from the agent to Log Insight?

daphnissov
Immortal

The agent packages are stored on the vRLI server. The agent checks into the server to see if a newer version is available. If auto_update=yes is set in the INI, the agent downloads the package from the server. Through the use of a separate service on the client side, the update package is installed effectively upgrading the agent on the client. The communication is handled over the same ports as mentioned above.

sxnxr
Commander

But the firewall rules are only one way (agent to vRLI), not bi-directional. How can the agent download the client to do the update if the vRLI doesn't have any firewall rules to allow it to talk to the agent?

daphnissov
Immortal

I see what you mean. Yeah, you're going to have to have bidirectional rules to allow that to happen. There's just no other way.

sxnxr
Commander

You would think they would have that in their firewall rule documentation. Thanks for the help all.

admin
Immortal

There is no connection ever established from Log Insight Server to Agent. All connections are established from Agent to Server. Rules are unidirectional.

sxnxr
Commander

That is my point. If there is no connection from the vRLI to the agent how does the agent auto update?

admin
Immortal

The Agent connects to the server, downloads the new Agent, and installs it.

sxnxr
Commander

But how does it download it when there is no communication between the vRLI and the agent?

I get that the agent can talk to vRLI over the one-way communication based on the documentation. vRLI has an update. How does vRLI push the update (or the agent pull it) if vRLI can't talk to the agent?

If I am told that you can't use the auto-update feature with firewalls, that is fine, I won't, but the documentation is very light on this matter.

daphnissov
Immortal

I think you're over-thinking this. The agent can and does talk to vRLI server. The agent will pull the new package from the server. In your firewall rules, just enable comm on the ports listed between source and destination and don't worry about direction, because it doesn't really matter.

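Added example (not code from this thread or from VMware): a loopback simulation of the pull model the replies describe. Both requests are opened by the agent towards the server, which is why only the agent-to-server rule from the port table above is needed; the /agent/version and /agent/package endpoints, the version numbers and the package bytes are constructed for the demo and do not model the real Log Insight API, and the digest check is an added defensive step rather than documented agent behaviour.

```python
import hashlib
import http.server
import json
import threading
import urllib.request

# Constructed server-side state: the newest agent build the server can hand out.
SERVER_VERSION = "4.6.0"
PACKAGE_BYTES = b"constructed stand-in for the agent package"
PACKAGE_SHA256 = hashlib.sha256(PACKAGE_BYTES).hexdigest()
class _UpdateHandler(http.server.BaseHTTPRequestHandler):  # hypothetical endpoints
    def do_GET(self):
        if self.path == "/agent/version":
            body = json.dumps({"version": SERVER_VERSION, "sha256": PACKAGE_SHA256}).encode()
        elif self.path == "/agent/package":
            body = PACKAGE_BYTES
        else:
            self.send_error(404); return
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def _vertuple(v):
    return tuple(int(x) for x in v.split("."))

def agent_poll(base_url, installed_version):
    """Agent side: both requests are outbound (agent -> server), so a one-way rule
    is enough. Returns (version, package) for a verified newer build, else None."""
    with urllib.request.urlopen(f"{base_url}/agent/version", timeout=5) as r:
        meta = json.load(r)
    if _vertuple(meta["version"]) <= _vertuple(installed_version):
        return None
    with urllib.request.urlopen(f"{base_url}/agent/package", timeout=5) as r:
        pkg = r.read()
    # Check the download against the advertised digest before the installer touches it.
    if hashlib.sha256(pkg).hexdigest() != meta["sha256"]:
        return None
    return meta["version"], pkg

def demo(installed_version="4.5.0"):
    srv = http.server.HTTPServer(("127.0.0.1", 0), _UpdateHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return agent_poll(f"http://127.0.0.1:{srv.server_address[1]}", installed_version)
    finally:
        srv.shutdown(); srv.server_close()
```

The digest here only detects a corrupted transfer, since it comes from the same server; authenticating the source is the job of the TLS session on 9543 rather than of the plain 9000 port.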