Hello,
Our construct is the following:
We have a double-NAT with 2 firewalls in place, Checkpoint and Fortigate.
Checkpoint is our external firewall, while Fortigate is internal, NAT on both sides.
Everything is working fine, we can access PRTG via https externally and internally.
However: we are also using the PRTG app, which can access via HTTP or HTTPS only.
In our penetration testing, a valid point has been made, in that the PRTG website is accessible externally - which should be avoided, if possible.
So basically:
Is it possible to avoid the ability to connect to the PRTG website externally, yet still being able to use the App?
Thanks


Article Comments

Hey,

"Is it possible to avoid the ability to connect to the PRTG website externally, yet still being able to use the App?"

Actually, this is not possible since the app uses the very same port TCP/443 to connect to PRTG. So, if the Port is open for the app, it's also open for the users who use a Browser to connect to PRTG's GUI.

Please check this page for details.

Best,
Sven Roggenhofer
Technical Support, Paessler AG


Apr, 2022 - Permalink