By JR Andreassen • Oct 18, 2017

Using a KEMP LoadMaster as Reverse Proxy for PRTG: All the Config You Need

In our last article about monitoring a KEMP LoadMaster using PRTG we described the configuration of PRTG. Now we talk about the configuration of the KEMP LoadMaster itself. Before starting, please read the disclaimer, as this is about a sensitive part of your security.

Please note: We have carefully compiled this information and it is provided to the best of our knowledge. As the solution is not part of PRTG itself, it is not officially supported by Paessler or PRTG Technical Support. Yet, we wanted to share it with you as it might be of interest for many PRTG users.

You must also be aware, that if you configure any of the parts incorrectly, you may leave yourself open to an intruder gaining access to anything configured within PRTG. This includes User ID’s, Passwords, ip’s names, etc. IE no warranties expressed or implied. Paessler, its employees or partners cannot be held liable for any damages that you may incur as a result of employing a Reverse Proxy.

KEMP's documentation is available from their website

1) In the KEMP user interface, select Virtual Servers | View/Modify Services.

kemp-loadmaster1.png

 

2) Add new Virtual Service & uncheck Transparency

kemp-loadmaster2.png

 

3) Select Scheduling  

kemp-loadmaster3.png

 

4) Pick protocols (only TLS1.2 recommended) and pick Ciphers (Eliptic curve series [ECxxxx] recommended), or use one of the predefined sets.

5) Import the PRTG SSL certificate. Click on Manage Certificate.

kemp-loadmaster4.png

 

6) Import the PRTG certificate and assign to server. Then add and set.

7) Add a new Real Server

kemp-loadmaster5.png

That should do it!

If you have issues with mini probes complaining about SSL being required, it can be turned off by using the metho described in "How can I disable SSL for Mini Probes".

Content Caching

You can enable content caching, but there will be some restrictions.

kemp-loadmaster6.png

The KEMP documentation on caching states that it can only cache items with no parameters(...?param1=x&param2=y...). Most of the requests to PRTG have parameters, all taking "...?prtgversion=xxxx&language=en" which makes most calls uncacheable. So the overall impact of the cache may be low.  

That is all the configuration, you should now be able to access your PRTG server through the proxy. Apply the sensor template to the device and monitor the LoadMaster and see how much load it is taking off PRTG and all the other real/Virtual servers it has configured.

In the current version of the Kemp LoadMaster, you can now export a template for creating Virtual/Real server configurations. For convenience I have exported the configuration and included it with the Template project listed in the PRTG Script World or from the source on GitLab.com/PRTG . Unfortunately, we have been unable to get an officially sanctioned template from Kemp.