To make an addition, click on the button located at the top right:
Port Forwarding – Addition Button
By clicking on this button the window below is displayed:
Port Forwarding - Adding a new Port Forwarding
The menu consists of several sessions and panels:
Below we will analyze each of these sessions in detail.
In "Policy" we configure all options related to the policy of how Port Forwarding will act:
Port Forwarding - Policy
This tab is composed of the panels:
We will start by detailing the General panel.
This panel contains only the field for adding the policy description.
Policy - General
Next we will detail the panel Redirect to.
This panel contains the resources for configuring the redirection of the Port Forwarding policy
Policy - Redirect to
- Protocol: Defines which protocol will be used;
- Logs [ ]: If the check box is enabled, logging will be activated;
- Interface: Determines which network interface will be used. The interfaces that appear in this menu are configured in Network - Interfaces;
- Port /Range: Defines the port to be used and its range. For this field to be enabled it is necessary to add an interface in the previous field;
- IP: Determines the IP addresses that will be used in the redirection and their respective ports, note that for them to be displayed in this list, they must be of the "unique IP" type. Click the  button to add the address to the list, if you want to remove an address, select it from the list and click [ ]. For more information on how to add a "unique IP" address object, see this page.
- Port /Range: Defines the port that will be used by the redirect IP and its respective range. For this field to be enabled it is necessary to add an IP in the previous field;
- SNAT[Network - Interfaces; ]: If the check box is enabled, it allows the selection of a gateway to perform NAT. For this, it is possible to select the default Gateway or an interface. The interfaces that appear in this menu are configured in
Next we will detail the components of the "Conditions" side tab.
In "Conditions" we configure all the conditions on how port forwarding will work:
Port Forwarding - Conditions
This tab is composed of the panels:
We'll start by detailing the Authentication panel.
In this panel are located the resources that allow conditioning the activation of Port Forward by authentication.
Conditions - Authentication
]: This check box determines whether port forwarding will require authentication (if enabled) or not (if disabled). In addition, by enabling this check box, the Users and Groups fields are available for editing:
- Users: With the authenticated checkbox checked, click [ ] to determine which users port forwarding will be applied to, as shown in the image below. When you have finished selecting, click [ ] otherwise, click [ ] to cancel;
Authentication - Users
- Groups: With the authenticated checkbox checked, click [ ] to determine which user groups port forwarding will be applied to, as shown in the image below. When you have finished selecting, click [ ] otherwise, click [ ] to cancel;
Authentication - Group
Next, we will detail the Sources panel.
In this panel are located the resources that allow conditioning the activation of Port Forward according to the origin of the traffic.
Conditions - Sources
- Allowed Sources: Click [Objects - Addresses. When you have finished selecting, click [ ] otherwise, click [ ] to cancel; ] to determine which source addresses and IPs will be allowed by port forwarding, as shown in the image below. The objects that appear in the list are created in
Sources - Allowed Sources
- Blocked Sources: Click on [ The objects that appear in the list are created in Objects - Addresses. When you have finished selecting, click [ ] otherwise, click [ ] to cancel; ] to determine which source addresses and IPs will be blocked by port forwarding, as shown in the image below.
Sources - Blocked Sources
Next, we will detail the Schedule panel.
In this panel are located the resources that allow you to control the activation of Port Forward in a specific period.
Condition - Schedule
Next, we will detail the Inspection tab.
In "Inspection" we configure which inspections will be applied in port forwarding:
Port Forwarding - Inspection
WARNING: When using an SSL Inspection profile, port forwarding will only work on secure traffic, for example, when protocols are used: HTTPS, POPS, IMAPS, SMTPS and other types of encryption. Note that when creating a port forwarding in this way, the following alert message will be displayed:
Alerta - Redirection rules with SSL inspection will only work for services where the security protocol is supported
- Intrusion Prevention: Allows you to select a profile and apply Intrusion Prevention in port forwarding. The profiles that appear in the list are created in UTM - Services - Intrusion Prevention;
- Threat Blocking: Enables protection against selected threats. Each option is added as a tag, if you want to remove any option click on [
] or select it again in the menu . To clear this field, just click on [ ]. You have the options below:
To save changes, click [[ to cancel all settings and return to the previous screen ]], otherwise, click [ ] or .
After saving, you will need to access the command queue [UTM - Command Queue.] and apply the changes made. For more information on the command queue access the page:
To better illustrate the procedures listed above, we will look at some examples below.