What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

How can we use PRTG with only one external IP address (e.g. via TMG)




We are testing PRTG for our hosted monitoring service. The server running PRTG is hosted on Windows Azure and we only have one public IP address we can use. We are running into a problem we are unable to resolve.

By default the webserver of PRTG is running on port 443, which is fine and accessible from all our clients locations. The Sensor however is using SSL and is running on a non default port 23560. This port is not open by default and we can not use it. We would like to have all PRTG services running on port 443 and use encryption. As we only have 1 external IP address on Azure, we decided to place a Microsoft TMG 2010 in front of PRTG. This works great for the web interface of PRTG, but we can not get external probes to connect. TMG is listening on two different host names on the same external IP address. Webserver traffic is internally redirected to port 443 on the PRTG servere, probe traffic is redirected internally to port 23560. However this doesn’t seems to work, we are receiving the following error in the event log of the TMG server: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

When we test the connection using a webbrowser, we receive the following error Error Code: 500 Internal Server Error. The client and server cannot communicate, because they do not possess a common algorithm. (-2146893007)

What is the best way to use PRTG on default web ports (80 unencrypted and 443 encrypted) without requiring us to open ports on firewalls (our clients will not accept that).

Thank you and kind regards, Heraut

443 cipher default-ports probe sslv2 sslv3 tmg

Created on Dec 28, 2013 12:42:32 PM

1 Reply

Accepted Answer



The communication between PRTG Probe and PRTG Core (default port 23560) uses a proprietary protocol that can not be tunnelled through https or a proxy like TMG. And you can't run the HTTP webserver for the UI and the probe connections on the same port either.

You must either set the firewall/proxy to tunnel through the communication or open the port on the VM that runs the PRTG Core in the Azure settings ("Setting up Endpoints"). I am not familiar with Azure, but I think this link should help: http://www.windowsazure.com/en-us/manage/windows/how-to-guides/setup-endpoints/

BTW, you could also use EC2 of Amazon AWS. We are using it constantly for PRTG and working with probes is no problem on EC2.

Created on Dec 30, 2013 10:37:24 AM by  Dirk Paessler [Founder Paessler AG] (11,025) 3 6

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.