Port forwarding redirects incoming connections from the Internet to an internal host behind the firewall. For example, you may have an HTTP server on your network and you want to make it accessible to the Internet.
Note: Port Forwarding exposes services on your network to the public Internet and should be used only when necessary.
Adding / Editing Port Forward Rules
- Go to Settings > Network > Port Forward to configure Port Forwarding.
- Click Add Rule or edit an existing rule by clicking the edit icon next to the item.
- Give the rule a description.
- The Conditions panel is pre-populated with two conditions: Destination > Destination Port and Destined Local. Set Destination Port to the port you wish to be forwarded; see Rules Overview for advanced syntax options of this field.
- Leave Destined Local set to Yes.
- If you want to restrict access to the port, add a Source condition to the rule. For example, you can restrict access to only a single WAN IP with Source > Source Address is 18.104.22.168.
- Under New Destination, enter the IP address of the internal host where you want to forward this traffic.
- If you want to translate the port, enter a new value in the optional Port field. If the traffic should be forwarded on the same port it arrived on, leave this value blank.
- Click Save to confirm the new rule.
Verifying Port Forwarding
You can use the SD-WAN Router's Reports function to verify your new Port Forward is working. Open Reports > Sessions > Sessions and add the column 'Server Address New':
Finally, add the server address in the Search here… field located above the list of sessions. This will filter the report down to only those which include that IP address.
Example: Email Server
If you have an internal email server with IP address 10.11.12.99 behind this SD-WAN Router, you can use this rule to forward incoming SMTP traffic to that server:
(Note that you can specify multiple ports by separating with commas and no spaces.)Follow