What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Which interface to monitor

Votes:

0

Which Interface use to monitor the device is the best? Internal to External port?

interface prtg-network-monitor snmp

Created on Apr 22, 2019 2:29:47 AM



5 Replies

Votes:

0

Derdekeasim,

It's best to monitor the device on the interface that lies in the same subnet as your PRTG probe.

If this isn't possible, then you want to monitor the interface with the shortest path back to your PRTG probe.

Benjamin Day
Paessler Support

Created on Apr 22, 2019 9:02:16 AM by Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Hi Benjamin, my thought is whether to monitor on WAN or LAN port for FW as I have seen probe is down that monitor internal IP on other location via IPSec tunnel but not on the probe on VPN tunnel, so not sure is my setup is good or not.

Created on Apr 23, 2019 12:19:28 PM



Votes:

0

Derdekeasim,

In this case, I would do all my primary monitoring through the LAN interface as opening the outside interface to SNMP isn't the best practice. Then I would Ping something through the VPN on the other probe as a means of letting me know my VPN is up and connected.

What do you think about this?

Benjamin Day
Paessler Support

Created on Apr 24, 2019 6:19:08 AM by Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Hi Benjamin, my current setup is what you say, just that the ping to the internal LAN via IPSec is down but the alert for the IPSec VPN is not showing. Correct me if I am wrong, if the ping to the internal LAN via IPSec is down meaning the IPSec tunnel to the Internal LAN is down, am I correct?

Created on Apr 26, 2019 7:36:57 AM



Votes:

0

Derdekeasim

How are you pinging the Internal LAN via IPSec? That shouldn't be allowed as you are coming from high security to a lower security zone. Unless you have a policy allowing this, it should be blocked.

Benjamin Day
Paessler Support

Created on Apr 26, 2019 7:46:20 AM by Benjamin Day [Paessler Support] (1,441) 2 1




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.