Hi,
This article suggests the remote probe uses TCP/23560 only: https://helpdesk.paessler.com/en/support/solutions/articles/76000041648-which-ports-does-prtg-use-on-my-system
However, this discussion suggests the remote probe will communicate on a dynamic high port: https://helpdesk.paessler.com/en/support/solutions/articles/69754-remote-probe-connection
I have read other discussions which suggest the probe-to-core connection is both ways. So the first KB article appears to be incorrect? Or at least not explaining the requirements fully?
Assuming I have a core server on my corporate LAN, and a remote probe on a public internet IP, I would need the following rule on the corporate firewall:
Allow, inbound, from probe_public_ip, from any port (then NAT to TCP/23560)
...And a similar rule on my remote probe...
Allow, inbound, from corporate_WAN_IP, from any port, to TCP/2350
This all seems a bit open to me. Is there any way to lock it down further?
Article Comments
Thanks Torsten for the reply. Your answer makes perfect sense.
What was confusing to me was this post by another Paessler employee suggesting communication is "both ways": https://helpdesk.paessler.com/en/support/solutions/articles/76000063874
This made me query whether port 23560 needed to be open on BOTH the probe and the core. You have confirmed that only the core needs this port open, not the remote probe. So thanks!
Feb, 2019 - Permalink
23560 needs to be open on the Core side of things. Both firewalls need to allow bi-directional connections of course (Core Side 23560 and Probe Side the dynamic high port, which again is the usual default behaviour).
Feb, 2019 - Permalink
Hello,
thank you for using PRTG and for the KB Post. Remote Probes connect to TCP Port 23560 (on the core service side), and to do this, they use a dynamic high port on their side (outgoing connection).
Usually it's not necessary to configure the firewall on the Remote Probe side because it is an outgoing connection. The Core Side needs to be configured, of course, with the likes of NAT/PAT/etc.
best regards.
Feb, 2019 - Permalink
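
The flow the replies describe, as an added example that is not part of the original thread or Paessler's own code: a minimal stateful-filter model showing why a single probe-initiated connection to TCP/23560 carries traffic both ways, and why the probe side needs no inbound rule. The IP addresses, the ephemeral port 51514 and the `StatefulFirewall` class are constructed for illustration, and NAT on the core side is left out.

```python
from dataclasses import dataclass

CORE_PORT = 23560               # core-side port named in the thread
PROBE_IP = "203.0.113.10"       # constructed: remote probe's public IP
CORE_WAN_IP = "198.51.100.20"   # constructed: corporate WAN IP in front of the core

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a new connection

class StatefulFirewall:
    """Hypothetical model: default-deny inbound, allow outbound, track connections."""
    def __init__(self, inbound_allow):
        self.inbound_allow = inbound_allow  # list of (source_ip, local_port)
        self.conns = set()                  # (local_ip, local_port, remote_ip, remote_port)

    def outbound(self, p):
        # Outgoing traffic is allowed and remembered so replies can return.
        self.conns.add((p.src, p.sport, p.dst, p.dport))
        return True

    def inbound(self, p):
        key = (p.dst, p.dport, p.src, p.sport)
        if key in self.conns:               # part of an already tracked connection
            return True
        if p.syn and (p.src, p.dport) in self.inbound_allow:
            self.conns.add(key)             # new connection permitted by an explicit rule
            return True
        return False                        # everything else is dropped

def simulate():
    core_fw = StatefulFirewall([(PROBE_IP, CORE_PORT)])  # only the probe may reach 23560
    probe_fw = StatefulFirewall([])                      # no inbound rule on the probe
    syn = Packet(PROBE_IP, 51514, CORE_WAN_IP, CORE_PORT, syn=True)
    reply = Packet(CORE_WAN_IP, CORE_PORT, PROBE_IP, 51514)
    return {
        "probe_syn_leaves_probe": probe_fw.outbound(syn),
        "probe_syn_reaches_core": core_fw.inbound(syn),
        "core_reply_leaves_core": core_fw.outbound(reply),
        "core_reply_reaches_probe": probe_fw.inbound(reply),
        "core_opens_new_conn_to_probe": probe_fw.inbound(
            Packet(CORE_WAN_IP, 40000, PROBE_IP, CORE_PORT, syn=True)),
        "other_host_reaches_core": core_fw.inbound(
            Packet("192.0.2.99", 51514, CORE_WAN_IP, CORE_PORT, syn=True)),
    }

if __name__ == "__main__":
    for name, allowed in simulate().items():
        print(f"{name}: {'ALLOW' if allowed else 'DROP'}")
```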