Firewalls place a barrier between your servers and other machines on the network to protect them from external attacks, but they can also prevent the DigitalOcean Metrics Agent from working on your Droplet. This includes DigitalOcean’s Cloud Firewall service and locally installed firewalls protecting your Droplet. Whatever firewall you use, you need to allowlist the metrics agent to access the DigitalOcean monitoring service. Otherwise, the Droplet’s metrics data can’t be reported to the monitoring service.
If you are using DigitalOcean’s Cloud Firewall, you need to create firewall rules that allow all outgoing IPv4 and IPv6 HTTP/HTTPS traffic through ports
The DigitalOcean Metrics Agent connects to DigitalOcean using ports
443 on your Droplet. To allow the metrics agent to connect through the firewall, you need to create rules in your firewall software that allow all outgoing IPv4 and IPv6 HTTP/HTTPS traffic through ports
You can create these rules using UFW for Ubuntu and Debian systems, or Firewalld for CentOS and Fedora systems. These services interface with
iptables, the Linux kernel firewall program native to most Linux operating systems. You can also configure these firewall rules in
iptables directly, although we recommend using UFW or FirewallD because they are easier to use.