What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Keep Loosing External Access to PRTG Server

Votes:

0

This issue only happens with PRTG, and I can't figure out the key reason why.

I set up a Reverse Proxy on the DMZ, which points to the PRTG Core Server. All good, verified external access and it works.

It's not until a few hours later, that I attempt to log on to PRTG externally, and I can't access the login page. I check if it's running internally by connecting to our VPN, and PRTG is running just fine, no changes in the configuration.

So I figured out that if I send out an unsolicited ARP request on the Firewall through SSH for the public IP address that PRTG is associated with, all of a sudden PRTG works instantly externally.

Any explanation why this keeps happening. At first I thought it was because of odd metric settings within Server 2016, but now that I completely reconfigured the access to PRTG according to the following guide, I am still experiencing the issues:

https://kb.paessler.com/en/topic/73332-how-to-access-the-web-interface-in-the-dmz-from-internet-while-the-core-server-and-the-database-is

dmz external-access prtg

Created on Feb 24, 2018 1:17:28 AM



4 Replies

Votes:

0

Hey Peter,

thanks for your KB-posting.

Do you get the same result if you skip the reverse proxy?

Actually, if it turns out that the proxy is the problem, we can not troubleshoot it any further because we do not support reverse proxies, I'm afraid.

Best regards,
Sven

Created on Feb 27, 2018 10:10:46 AM by Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Hi Sven, Thank you for getting back to me.

The issue is present even with a basic PRTG configuration with the firewall directly pointing either to the DMZ or the Internal LAN.

We're running Server 2016 Standard. Where could I potentially find some logs to try to troubleshoot this further? I have a sensor monitoring external access, so I roughly know when I loose connection to PRTG.

Thank you

Created on Feb 27, 2018 2:36:09 PM



Votes:

0

Hi, a quick update on a pattern I have noticed. It looks like every 4 hours the connection is lost. If I send an arp refresh command on the firewall: phionctrl tell <public ip address of prtg>, then everything works. Temporarily, I have set up a script that refreshes the ARP table on the Firewall whenever PRTG gets a warning for external access availability. While this works, it's kind of a band-aid on a problem that still needs resolving.

Created on Feb 27, 2018 9:49:50 PM



Votes:

0

Hey Peter,

first of all, I'm glad that you found a temporary solution for this issue. Nevertheless, as you've originally mentioned that internally (or, via the VPN) the PRTG Core Server is internally available at all times, we don't believe that the issue lies in PRTG. There's actually little options in PRTG that could influence this.

Essentially, if PRTG's webserver gets a HTTP/GET request, it will answer to it. And that's all there is to it. So if the server isn't reachable from outside, something prevents the requests from reaching the webserver. If the firewall is no longer able to "find" the host after four hours, there may be something wrong with the Host's Operating System on the host itself (or something wrong on the Firewall)

You can easily confirm if PRTG is getting the HTTP/GET requests by running a wireshark capture on the PRTG Host. I encourage you to switch to HTTP during this test to be able to see the content of the HTTP packets.

Do you by any chance have two (or more) default gateways on the PRTG Host? That can lead to very unusual behavior.

Best regards,
Sven

Created on Mar 1, 2018 9:53:07 AM by Sven Roggenhofer [Paessler Technical Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.