HUB robot in passive mode

Document ID : KB000034292
Last Modified Date : 14/02/2018
Show Technical Document Details


After adding support for passive mode for Robots in ver X.x (Where firewall is prohibiting access in direction from Robot to HUB - passive mode only allows access in the direction from HUB to Robot.) Communication between Hubs and Robots is usually 2-way, meaning that both Hub and Robot can initiate communication. You can, however, define that only the HUB should initiate communication. This is done by setting robots to Passive mode.

What are the effects of running the relay in passive mode? How is this done? Are their drawbacks to running in passive mode?


This feature is an additional security measure for Hub/Robot communication. Passive mode is a mode designed for situations where the robot is e.g. behind NAT, hence no clear route to it - this is redundant if a tunnel is in place.

Additional Information:

The hub needs to be able to initiate the connection to the robot on port 48000, so the passive robot needs to be set up in the hub with the correct public ip/port. The hub will maintain this connection so that the Robot can communicate back through it.

After you put a Robot into passive mode, you must restart the Robot, then wait until it turns green (activated) and then you can deploy probes to it. Note that when you add a passive robot, it is written to the hub.cfg file under /robots section. When you change the robot from passive to normal then you have to remove the passive robot from the Robots tab using "Remove Passive robot" and not "remove robot" - this will remove the entry from the hub.cfg and now robot will show up as 'Regular' in robots section. "Remove Robot" is for non-passive robots which do not exist in the hub.cfg file but are kept in in-memory table and on the filesystem in \hub\robots.sds file.

Note on Silent installs MSI install uses an answer file where you can specify robot mode as ROBOT_MODE=passive.

You can deploy new probes to robots if they're in passive mode and they can be restarted/modified/managed/administered.