What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Remote Probe: Multi-site

Votes:

0

Hi PRTG, can remote probe on branches site to HQ site via normal internet due to our site branch has no vpn connection. is that secure?

monitoring multi-site remote-probe

Created on Dec 14, 2017 1:49:05 AM



4 Replies

Accepted Answer

Votes:

0

Hi Dean92,

According to How Probes Work section on https://www.paessler.com/manuals/prtg/remote_probes_and_multiple_probes,
The connection between probe and core is initiated by the probe, secured using Transport Layer Security (TLS). This means that the data sent back and forth between core and probe is not visible to someone capturing data packets.


I've leveraged this in situations like yours to connect a probe back to the core. I would recommend allowing only the whitelisted source IP of the probe(s) to connect to the NAT you open to expose the core.


According to https://kb.paessler.com/en/topic/69754-remote-probe-connection,
Probes use dynamic high ports to connect to their PRTG Core Server. Only on the core side it is fixed to port 23560, as the target TCP Port. A Probe does not need to use the same port for its outgoing connection, so it opens a dynamic high port.


Hope this answers your question!
Thanks,
Randolfini

Created on Dec 14, 2017 2:31:20 PM



Votes:

0

Hello Randolfini,

Thank you very much for your answer, there is nothing left to be added.

Regards,
Sebastian

Created on Dec 14, 2017 3:45:12 PM by  Sebastian Kniege [Paessler Support]



Votes:

0

and how about connection between branch and HQ with two different VPN connection. for example, HQ using VPN cloud A and branches using VPN cloud B, how the connection remote probe with core server(at HQ) establish?

Created on Dec 15, 2017 3:24:13 AM



Votes:

0

Hello dean92,

Of course, Remote Probe and Core Server must be able to "see" each other.

See: PRTG Manual Remote Probes and multiple Probes:

Because the probe initiates the connection, you must ensure that a connection can be established from the outside world to your core server. For example, you may need to open any necessary ports in your firewall and you may need to specify a Network Address Translation (NAT) rule for your network. The process is the same as if you wanted to allow access to the web server provided by the PRTG core server via port 443, for example. Usually it is sufficient to open or forward TCP port 23560 (default) on the machine that runs the core server; on probe side it is not necessary to open any port in most cases.


Best regards,
Sebastian

Created on Dec 18, 2017 8:53:47 AM by  Sebastian Kniege [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.