Hi there,
I am about to set up the PRTG and are not sure which setup is the best for my use case.
Use case: Remote monitor a network, which itself is "protected" to the internet via Firewalls and a DMZ, from another network's DMZ.
The following setups came to my mind:
1) Core server in the remote DMZ, remote probe in the network to be monitored, PRTG Web Client in "my" DMZ
2) Core server in "my" DMZ, a remote probe in the remote network
3) Core server in "my" DMZ, a remote probe in the remote DMZ
4) Core server in the remote DMZ, remote probe in the remote network, a cluster core server in "my" DMZ
Problems that make me be unsure which one to use:
- With 1), the same protocol (TCP) would be used for both the connection from the core server to its remote probe, and from the core server to "my" DMZ (TCP over SSH, Internet)
- With 2), I have not found a way to access the probe in the remote network from "my" DMZ, because there is the remote network's DMZ and the internet in between and I want a change of the communication protocol in the network's DMZ
- With 3), The remote probe now monitors the remote DMZ... But I want it to monitor the remote network. Is there a way to have a remote probe of a remote probe?
- With 4), this surely is not the way to use the cluster..
I hope I could describe everything clearly enough. Feel free to ask any questions where I was not clear.
Regards, Rebekka
Hello RebekkaL,
from PRTG's point of view, all remote probes have to be able to reach the core server via TCP protocol. Connection is initiated by the probe, but of course it is used bidirectionally. For a cluster, both cluster node have so reach each other.
A probe can only send to the core, not to another probe. For PRTG, network address or protocol translation has to be transparent.
The remote probe concept makes firewall rules easy: Allow TCP port 23560, PRTG uses it for an encrypted communication.
Jul, 2020 - Permalink