DNAT (Port Forward) - Advanced Setup


Applies to Platform: UTM 2.4 and 2.5, 4i Edge 2.5
Last Updated: 09 April 2014

Applies to Platform: UTM 3.0, 4i Edge 3.0, UTM 5.0, 4i Edge 5.0
Last Updated: 09 April 2014

This lesson will illustrate the necessary steps to configure a more advanced Destination NAT (or Port Forward) on a typical Endian appliance.

Configuration Example


In this simple example, we'll set up a DNAT (Port Forward) rule for a range of ports for a web server in the Orange (DMZ) network. We'll use one of our statically assigned public IP addresses as the external entry point for this exposed service.

Create DNAT Rule


We'll begin by creating a new DNAT rule and filling in the fields to match our example network. In this example we have to switch the DNAT rule editor to 'Advanced' mode so that we can specify the source network allowed to use this rule. Advanced mode also exposes the 'Filter Policy', which defaults to "Allow with IPS": the rule allows matching traffic but has the IPS engine inspect it.

Once done, click the Create Rule button.

Apply the Rule


Once your rule is created, you must apply the rule to the device by clicking the Apply button (shown above).

Verify the Rule


Now that our rule has been applied successfully, we can test that the service is reachable on ports 10080-10085 from the Internet.
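One way to script this check, as an added example that is not part of the original article: run from a host in the allowed source network, it confirms that every forwarded port answers and that the ports on either side of the range do not. The address 203.0.113.10 is a placeholder for your public IP, and the function names are illustrative.

```python
import socket

# Constructed example values: 203.0.113.10 is a documentation address
# (RFC 5737) standing in for the public IP used as the DNAT entry point.
PUBLIC_IP = "203.0.113.10"
FORWARDED = range(10080, 10086)   # ports 10080-10085 from the article
NEIGHBOURS = (10079, 10086)       # just outside the range; must not answer


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:               # timeouts and unreachable-network errors
        return "filtered"
    finally:
        s.close()


def verify_dnat(host, forwarded, must_be_shut, timeout=2.0):
    """Return (port, state, problem) for every port that breaks expectations."""
    problems = []
    for port in forwarded:
        state = probe(host, port, timeout)
        if state != "open":
            problems.append((port, state, "forwarded port not reachable"))
    for port in must_be_shut:
        state = probe(host, port, timeout)
        if state == "open":
            problems.append((port, state, "port outside the rule is reachable"))
    return problems


if __name__ == "__main__":
    for port, state, problem in verify_dnat(PUBLIC_IP, FORWARDED, NEIGHBOURS):
        print(f"{port}/tcp {state}: {problem}")
```

An empty result means the rule behaves as configured. Running the same script from a host outside the allowed source network should report every forwarded port as not reachable.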
