Hello,
Our construct is as follows:
We have a double-NAT with 2 firewalls in place, Checkpoint and Fortigate.
Checkpoint is our external firewall, while Fortigate is internal, NAT on both sides.
Everything is working fine, we can access PRTG via https externally and internally.
However: we are also using the PRTG app, which can access via HTTP or HTTPS only.
In our penetration testing, a valid point has been made, in that the PRTG website is accessible externally - which should be avoided, if possible.
So basically:
Is it possible to avoid the ability to connect to the PRTG website externally, yet still being able to use the App?
Thanks
Article Comments
Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.
Hey,
"Is it possible to avoid the ability to connect to the PRTG website externally, yet still being able to use the App?"
Actually, this is not possible since the app uses the very same port TCP/443 to connect to PRTG. So, if the port is open for the app, it's also open for the users who use a browser to connect to PRTG's GUI.
Please check this page for details.
Best,
Sven Roggenhofer
Technical Support, Paessler AG
Apr, 2022