I want to set up some tests to make sure a firewall isn't leaking. For this, I need to count a failure to connect as a success and a connection as a failure. Is there a way to do this with standard sensors?


Article Comments

What exactly do you need not to connect? Open a connection to a port? If so, you could use the port sensor, which allows you to select the desired state.


Dec, 2016 - Permalink

Thanks, that's exactly what I was looking for!


Dec, 2016 - Permalink

Glad I could be of assistance! :)


Dec, 2016 - Permalink

Just remember, if PRTG is on the LAN side of your firewall, even if you are probing the external IP of your router/firewall the same firewall rules may not apply.

For example, it's possible you allow SMTP on port 25 from external to your external IP, but not from an internal address. In this case PRTG would see the port closed (and secure), but it's really open.

I suggest you (ALSO) use external services (like https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap or http://mxtoolbox.com/portscan.aspx) to run port scans from the outside in.


Dec, 2016 - Permalink

Thanks for the small guide, Andrew! :)


Dec, 2016 - Permalink

We have a remote probe at Rackspace for external testing like this.


Dec, 2016 - Permalink
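The inverted check discussed in this thread, where a refused or timed-out connection counts as a pass and a completed connection as a failure, written out as an added example (not part of the original thread and not PRTG code). The function names and the loopback demo are assumptions made for illustration, and the verdict only describes the path from wherever the script runs, which is the point made above about probing from the LAN side.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify a TCP port as 'open', 'closed', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: traffic gets through
    except ConnectionRefusedError:
        return "closed"          # RST came back: nothing accepts on that port
    except socket.timeout:
        return "filtered"        # no answer in time: packets silently dropped
    except socket.gaierror:
        return "error"           # name did not resolve: nothing was tested
    except OSError:
        return "error"           # e.g. no route from this vantage point

def check(host, port, expect_blocked=True, timeout=2.0):
    """Return (verdict, state). With expect_blocked=True a connection is a FAIL."""
    state = probe(host, port, timeout)
    if state == "error":
        # A probe that never reached the target must not count as a pass.
        return "INCONCLUSIVE", state
    blocked = state in ("closed", "filtered")
    return ("PASS" if blocked == expect_blocked else "FAIL"), state

def demo():
    """Constructed offline input: a loopback port that is first open, then closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    leaking = check("127.0.0.1", port, timeout=1.0)   # listener up: a leak
    srv.close()
    sealed = check("127.0.0.1", port, timeout=1.0)    # listener gone: blocked
    return leaking, sealed

if __name__ == "__main__":
    for verdict, state in demo():
        print(verdict, state)
```
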