
This window lets you add a Port Forwarding and configure the masking and redirection permissions for traffic between the buses.


To make an addition, click on the button located at the top right:


Port Forwarding – Addition Button


By clicking on this button the window below is displayed:


Port Forwarding - Adding a new Port Forwarding


The menu consists of several sections and panels:



Below we will analyze each of these sections in detail.


Policy 


In "Policy" we configure all options related to the policy of how Port Forwarding will act:


Port Forwarding - Policy


This tab is composed of the panels:

We will start by detailing the General panel.


General


This panel contains only the field for adding the policy description.


Policy - General


  • Description: Defines a description for identification;


Next we will detail the panel Redirect to.


Redirect To


This panel contains the resources for configuring the redirection of the Port Forwarding policy.


Policy - Redirect to


  • Protocol: Defines which protocol will be used;
  • Logs []: If the check box is enabled, logging will be activated;
  • Interface: Determines which network interface will be used. The interfaces that appear in this menu are configured in Network - Interfaces;
  • Port/Range: Defines the port to be used and its range. For this field to be enabled, it is necessary to add an interface in the previous field;
  • IP: Determines the IP addresses that will be used in the redirection and their respective ports. For addresses to be displayed in this list, they must be of the "unique IP" type. Click the [] button to add the address to the list; to remove an address, select it from the list and click []. For more information on how to add a "unique IP" address object, see this page.
  • Port/Range: Defines the port that will be used by the redirect IP and its respective range. For this field to be enabled, it is necessary to add an IP in the previous field;
  • SNAT[]: If the check box is enabled, it allows the selection of a gateway to perform NAT. For this, it is possible to select the default Gateway or an interface. The interfaces that appear in this menu are configured in Network - Interfaces;


Next we will detail the components of the "Conditions" side tab.


Conditions 


In "Conditions" we configure all the conditions on how port forwarding will work:


Port Forwarding - Conditions



This tab is composed of the panels:

We'll start by detailing the Authentication panel.


Authentication


This panel contains the resources for making the activation of Port Forwarding conditional on authentication.


Conditions - Authentication


  • Authenticated[]: This check box determines whether port forwarding will require authentication (if enabled) or not (if disabled). Enabling this check box also makes the Users and Groups fields available for editing:
    • Users: With the Authenticated check box enabled, click [] to determine which users port forwarding will be applied to, as shown in the image below. When you have finished selecting, click []; otherwise, click [] to cancel;


Authentication - Users


    • Groups: With the Authenticated check box enabled, click [] to determine which user groups port forwarding will be applied to, as shown in the image below. When you have finished selecting, click []; otherwise, click [] to cancel;


Authentication - Group


Next, we will detail the Sources panel.


Sources


This panel contains the resources for making the activation of Port Forwarding conditional on the origin of the traffic.


Conditions - Sources


  • Allowed Sources: Click [] to determine which source addresses and IPs will be allowed by port forwarding, as shown in the image below. The objects that appear in the list are created in Objects - Addresses. When you have finished selecting, click []; otherwise, click [] to cancel;


Sources - Allowed Sources


  • Blocked Sources: Click [] to determine which source addresses and IPs will be blocked by port forwarding, as shown in the image below. The objects that appear in the list are created in Objects - Addresses. When you have finished selecting, click []; otherwise, click [] to cancel;


Sources - Blocked Sources


Next, we will detail the Schedule panel.


Schedule


This panel contains the resources for restricting the activation of Port Forwarding to a specific period.


Condition - Schedule


  • Time: Determines that port forwarding will be applied only according to the selected "Time" type object. The objects that appear in the list are created in Objects - Times;
  • Date: Determines that port forwarding will be applied only according to the selected "Schedule" object. The objects that appear in the list are created in Objects - Schedules;


Next, we will detail the Inspection tab.


Inspection 


In "Inspection" we configure which inspections will be applied in port forwarding:


Port Forwarding - Inspection


  • SSL Inspection: Allows you to select a profile and apply SSL Inspection in port forwarding. The profiles that appear in the list are created in SSL Inspection - SSL Profile;

WARNING: When an SSL Inspection profile is used, port forwarding will only work on secure traffic, for example, when protocols such as HTTPS, POPS, IMAPS, SMTPS and other types of encryption are used. Note that when creating a port forwarding in this way, the following alert message will be displayed:

Alert - Redirection rules with SSL inspection will only work for services where the security protocol is supported

  • Intrusion Prevention: Allows you to select a profile and apply Intrusion Prevention in port forwarding. The profiles that appear in the list are created in UTM - Services - Intrusion Prevention;
  • Threat Blocking: Enables protection against selected threats. Each option is added as a tag; to remove an option, click on [] or select it again in the menu. To clear this field, just click on []. You have the options below:
    • Abuse;
    • Anonymizers;
    • Attacks;
    • Malware;
    • Reputation;
    • Spam.


To save changes, click [], otherwise, click [] or [] to cancel all settings and return to the previous screen.

After saving, you will need to access the command queue [] and apply the changes made. For more information on the command queue access the page: UTM - Command Queue.
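A rule built in this window can be reviewed offline before it is applied through the command queue. The following is an added example, not part of the product or its documentation: it audits rules written as Python dictionaries whose keys mirror the fields described on this page. The dictionary layout, the finding names, the sample rules and the assumption that an empty Allowed Sources list means no source restriction are all hypothetical.

```python
# Added example: field names follow the panels on this page; the dict layout is hypothetical.
IMPLICIT_TLS_PORTS = {443, 465, 636, 993, 995}  # HTTPS, SMTPS, LDAPS, IMAPS, POP3S

def parse_ports(spec):
    """Expand a Port/Range value such as "443" or "8080-8081" into a range."""
    first, _, last = str(spec).partition("-")
    lo, hi = int(first), int(last or first)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"invalid port/range: {spec!r}")
    return range(lo, hi + 1)

def audit_rule(rule):
    """Return review findings for one port-forwarding rule, in check order."""
    findings = []
    # SSL Inspection only works on secure traffic (see the WARNING above).
    if rule.get("ssl_inspection"):
        if any(p not in IMPLICIT_TLS_PORTS for p in parse_ports(rule["redirect_port"])):
            findings.append("ssl-inspection-on-non-tls-port")
    if not rule.get("logs"):
        findings.append("logging-disabled")
    # Assumption: an empty Allowed Sources list means no source restriction.
    if not rule.get("authenticated") and not rule.get("allowed_sources"):
        findings.append("open-to-any-source")
    if not rule.get("intrusion_prevention"):
        findings.append("no-ips-profile")
    return findings

# Constructed sample rules (names, addresses and profile names are made up).
RULES = [
    {"description": "webmail", "protocol": "TCP", "interface": "eth0",
     "port": "443", "redirect_ip": "192.0.2.10", "redirect_port": "443",
     "logs": True, "authenticated": False, "allowed_sources": ["branch-offices"],
     "ssl_inspection": "example-ssl-profile", "intrusion_prevention": "example-ips"},
    {"description": "legacy app", "protocol": "TCP", "interface": "eth0",
     "port": "8080-8081", "redirect_ip": "192.0.2.20", "redirect_port": "8080-8081",
     "logs": False, "authenticated": False, "allowed_sources": [],
     "ssl_inspection": "example-ssl-profile", "intrusion_prevention": None},
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule["description"], audit_rule(rule) or "ok")
```

A port outside the implicit-TLS set is only a prompt to confirm that the published service really speaks TLS; it is not proof that the rule is wrong.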


To better illustrate the procedures listed above, we will look at some examples below.
