What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Using PRTG with two domains

Votes:

0

Hello. What I'd like to do is this:

(The domains here have been changed to protect the innocent.)

The PRTG server we have currently is accessible via prtg.contoso.loc , an internal domain. It uses AD authentication and it uses an internal SSL certificate generated by the Certificate Authority for the domain.

However, what I'd like to do is have an external DNS A record called prtg.fabrikam.org and attach an SSL certificate to that so that the server can be accessed via HTTPS from the outside and inside.

So, it is obvious that in order to complete one step of this process, the server needs to have two NIC's, one NIC is on the DMZ and would be configured to answer to prtg.fabrikam.com, while the other NIC answers to prtg.contoso.loc and is on the internal domain.

Setting the server to just exclusively work on the fabrikam.com domain won't work because AD is using prtg.contoso.loc (I know, it was a bad design)

How can I get the PRTG server to accept requests for both domains to the server?

The rationale for doing this, is that I'd like to configure the PRTG application on our cell phones, but in order to do that, the server must use an externally accessible URL. How can I configure this?

Thanks.

domains multiple-nic ssl-certificate

Created on Oct 12, 2016 10:12:18 PM



2 Replies

Votes:

0

Hello,

I think PRTG is not able to manage this. The easiest and of course the right and secure way here is to manage the external access via a Reverse Proxy which hosts the external Certificate for prtg.fabrikam.org and offers the service for via prtg.contoso.loc.

Authentication would still be the Active Directory.

With this way you could also manage some more Security features, like disallow Calls like prtg.fabrikam.org/createsensor.htm etc so enforce an Read Only external Access even if the accounts are internally allowed to have this access. A little own Application Firewall.

The Security risk of an PRTG installation is often underrated. I work for some enterprise Customers and even the information of their ISP Bandwidth is a critical information besides a Firewall CPU Sensor which says the hacker "hey, just attack at 7:00pm, I'm busy there and my Layer 7 Features are not working"

Just said,

so please do not bring your PRTG public without any thought of security like many others if you google PRTG :)

Greetings Enterprise PRTG User

Created on Oct 13, 2016 7:45:36 PM



Votes:

0

What's keeping you from exposing PRTGs webserver to both IPs? Or is it about the certificate not being valid for either internal or external domain? Usually, we advise to use prtg.fabrikam.org for both internal and external records, given that the DNS resolves them accordingly (internal vs external). Make sure to take a look at Split-DNS, which is what you may want to use here.

Michele, please check your mailbox ;)

Created on Oct 17, 2016 6:43:44 PM by Stephan Linke [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.