we appreciate your KB-Post.
Now, PRTG's current® architecture is composed of two parts, which handle the following:
- PRTG Core Server
- Access Control
- Everything else.
- PRTG Probe Service
Every PRTG installation has at least one Core Server and one Local Probe. While you can't split any of the roles performed by the Core Server, you can use remote probes to monitor any remote network(s). The only port required for the Core <-> Probe communication is port 23560.
This means that one acceptable/valid approach would be to install your Core Server on the DMZ and open only TCP port 23560 to allow the encrypted monitoring requests and results to transit between the LAN and DMZ.
The other alternative is as described in the other post using a different webserver to proxy all communication with PRTG:
Luciano Lingnau [Paessler Support]