PRTG – P2 Secure PRTG with SSL | Enable HTTPS & Change Default Port

Securing your monitoring system is not optional — it is essential. In this guide, we will walk through how to secure PRTG Network Monitor by enabling HTTPS and how to change port PRTG to reduce exposure and improve security posture.

By default, PRTG may run on standard HTTP and commonly known ports. Leaving it unchanged can expose your monitoring system to unnecessary risks. Let’s fix that properly.

🔐 Why You Should Secure PRTG with SSL

Running PRTG over HTTP sends credentials and monitoring data in plain text. This creates several security concerns:

• ❌ Credentials can be intercepted

• ❌ Monitoring data can be exposed

• ❌ Compliance standards may not be met

• ❌ Increased attack surface on default ports

Enabling HTTPS encrypts communication between users and the PRTG server. Additionally, when you change port PRTG, you reduce automated scanning attempts on common ports.

Security is about layers — SSL + non-default port is a strong starting point.

🖥️ Step 1 – Prepare SSL Certificate for PRTG

Before enabling HTTPS, ensure you have:

• A valid SSL certificate (Public CA or internal CA)

• Certificate in .pfx format (including private key)

• Certificate password (if exported with one)

For enterprise environments, using a certificate issued from Active Directory Certificate Services (AD CS) is recommended.

Place the certificate in the appropriate PRTG certificate directory if required.

⚙️ Step 2 – Enable HTTPS in PRTG

Follow these steps to enable SSL:

1. Open PRTG Administration Tool

2. Select the correct PRTG Core Server

3. Navigate to Web Server settings

4. Enable SSL / HTTPS

5. Select the appropriate certificate

6. Apply the configuration

7. Restart the PRTG Core Server service

Once restarted, PRTG will start serving traffic over HTTPS.

Now access it using:

🔄 Step 3 – Change Port PRTG (Important Security Step)

Changing the default port reduces exposure to automated attacks and scanning tools.

To change port PRTG, follow these steps:

1. Open PRTG Administration Tool

2. Go to Web Server configuration

3. Locate the TCP Port for Web Server

4. Replace the default port (e.g., 80 or 443) with a custom port
   Example:

    

    

   8443

    

5. Save configuration

6. Restart PRTG Core Server service

After restarting, access PRTG using:

Make sure your Windows Firewall allows inbound traffic on the new port.

🔥 Step 4 – Update Firewall Rules

After you change port PRTG, update security rules:

On Windows Firewall

• Create a new Inbound Rule

• Allow TCP traffic on your new custom port

• Restrict access by source IP if possible

On External Firewall (If Published to Internet)

• Update NAT rule

• Allow only required IP ranges

• Avoid exposing PRTG publicly unless absolutely necessary

Security best practice:
👉 Never expose PRTG directly to the internet without VPN or reverse proxy protection.

🧪 Step 5 – Verify HTTPS & Port Configuration

After configuration:

• Open browser

• Navigate to new HTTPS URL

• Verify SSL lock icon

• Confirm certificate validity

• Test login functionality

If browser shows certificate warning:

• Check certificate CN / SAN

• Ensure correct hostname

• Verify trusted CA chain

🛡️ Additional Hardening Recommendations

Beyond enabling SSL and changing port PRTG, consider:

• 🔒 Disable HTTP completely

• 🔐 Enforce strong passwords

• 🧑‍💻 Restrict access by IP

• 🧾 Enable audit logs

• 🔄 Keep PRTG updated

• 🚫 Remove default admin accounts if not needed

Layered security dramatically reduces attack risk.

⚠️ Common Mistakes When Changing Port PRTG

Avoid these issues:

• Forgetting to update firewall rule

• Blocking new port unintentionally

• Not restarting PRTG service

• Losing remote access after port change

• Using expired SSL certificate

Always test locally before applying changes in production.

📌 Final Thoughts

Securing your monitoring platform should be a priority. By enabling HTTPS and properly change port PRTG, you significantly reduce risk and improve overall system security.

This configuration takes only a few minutes but adds a strong security layer to your infrastructure.

In the next part, we will continue optimizing and hardening PRTG for enterprise environments.