DNAT (Port Forward) - Advanced Setup

Version 2.5 Versions 3.0 & 5.0

Applies to Platform: UTM 2.4 and 2.5, 4i Edge 2.5
Last Updated: 09 April 2014

Applies to Platform: UTM 3.0, 4i Edge 3.0, UTM 5.0, 4i Edge 5.0
Last Updated: 09 April 2014

This lesson will illustrate the necessary steps to configure a more advanced Destination NAT (or Port Forward) on a typical Endian appliance.

Configuration Example


In this simple example, we'll setup a DNAT (Port Forward) for a range of ports for a web server in the Orange (DMZ) network. We'll use one of our statically assigned public IP addresses as our external entry point for this exposed service.

Create DNAT Rule

?name=media_1300819453734.png dnat-adv1.png

We'll begin by creating a new DNAT rule at which point we can configure all the necessary fields to correspond to our example network. In this example we have to toggle the 'Advanced' mode of the DNAT rule editor so we can specify the source network allowed to access this rule. Also notice that in advanced mode we can set the 'Filter Policy' which by default is "Allow with IPS" which means the rule allows qualified traffic but inspects that traffic with the IPS engine.

Once done, click the Create Rule button.

Apply the Rule

?name=media_1300819746834.png dnat-adv2.png

Once your rule is created, you must apply the rule to the device by clicking the Apply button (shown above).

Verify the Rule

?name=media_1300819774026.png dnat-adv3.png

Now that our rule has been applied successfully, we can test that we can access on ports 10080-10085 from the Internet.

Have more questions? Submit a request


  • Avatar
    Permanently deleted user

    Still valid for 2.5

  • Avatar
    Jyotiprakash Sahoo

    I have done as you have said. but unfortunately I am not able to do that. I can ping my outer interface from public locations but I am not able to browse my application/webpage thru port 80 even I have set it correctly.......what to do?? can you please help me on this??

  • Avatar
    Dox Andreux