Which interface is best to use to monitor the device? Internal to External port?
Article Comments
Hi Benjamin, my thought is whether to monitor on the WAN or LAN port for the FW, as I have seen the probe that monitors the internal IP on the other location via the IPSec tunnel is down, but not the probe on the VPN tunnel, so I am not sure if my setup is good or not.
Apr, 2019
Derdekeasim,
In this case, I would do all my primary monitoring through the LAN interface as opening the outside interface to SNMP isn't the best practice. Then I would Ping something through the VPN on the other probe as a means of letting me know my VPN is up and connected.
What do you think about this?
Benjamin Day
Paessler Support
Apr, 2019
Hi Benjamin, my current setup is what you say, just that the ping to the internal LAN via IPSec is down but the alert for the IPSec VPN is not showing. Correct me if I am wrong: if the ping to the internal LAN via IPSec is down, that means the IPSec tunnel to the internal LAN is down, am I correct?
Apr, 2019
Derdekeasim,
How are you pinging the Internal LAN via IPSec? That shouldn't be allowed as you are coming from high security to a lower security zone. Unless you have a policy allowing this, it should be blocked.
Benjamin Day
Paessler Support
Apr, 2019
Derdekeasim,
It's best to monitor the device on the interface that lies in the same subnet as your PRTG probe.
If this isn't possible, then you want to monitor the interface with the shortest path back to your PRTG probe.
Benjamin Day
Paessler Support
Apr, 2019