Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To make an addition, click on the button located at the top right:


Image RemovedImage Added

Port Forwarding – Addition Button

...

By clicking on this button the window below is displayed:


Image RemovedImage Added

Port Forwarding - Adding a new Port Forwarding

...

The menu consists of several sessions and panels:



Below we will analyze each of these sessions in detail.


Policy 
Anchor
Policy
Policy


In "Policy" we configure all options related to the policy of how Port Forwarding will act:


Image RemovedImage Added

Port Forwarding - Policy

...

This tab is composed of the panels:

We will start by detailing the General panel.


General
Anchor
general
general


This panel contains only the field for adding the policy description.


Image RemovedImage AddedPolicy - General

...

Next we will detail the panel Redirect to.


Redirect To
Anchor
redirect
redirect


This panel contains the resources for configuring the redirection of the Port Forwarding policy


Image RemovedImage AddedPolicy - Redirect to

...

  • Protocol: Defines which protocol will be used;
  • Logs [Image RemovedImage Added]: If the check box is enabled, logging will be activated;
  • Interface: Determines which network interface will be used. The interfaces that appear in this menu are configured in Network - Interfaces;
  • Port /RangeDefines the port to be used and its range. For this field to be enabled it is necessary to add an interface in the previous field;
  • IP: Determines the IP addresses that will be used in the redirection and their respective ports, note that for them to be displayed in this list, they must be of the "unique IP" type. Click the [Image RemovedImage Added] button to add the address to the list, if you want to remove an address, select it from the list and click [Image RemovedImage Added]. For more information on how to add a "unique IP" address object, see this page.
  • Port /RangeDefines the port that will be used by the redirect IP and its respective range. For this field to be enabled it is necessary to add an IP in the previous field;
  • SNAT[Image RemovedImage Added]: If the check box is enabled, it allows the selection of a gateway to perform NAT. For this, it is possible to select the default Gateway or an interface. The interfaces that appear in this menu are configured in Network - Interfaces;

...

Next we will detail the components of the "Conditions" side tab.


Conditions 
Anchor
Conditions
Conditions


In "Conditions" we configure all the conditions on how port forwarding will work:


Image RemovedImage Added

Port Forwarding - Conditions

...

This tab is composed of the panels:

We'll start by detailing the Authentication panel.


Authentication
Anchor
authentication
authentication


In this panel are located the resources that allow conditioning the activation of Port Forward by authentication.


Image RemovedImage Added

Conditions - Authentication


  • Authenticated[Image RemovedImage Added]: This check box determines whether port forwarding will require authentication (if enabled) or not (if disabled). In addition, by enabling this check box, the Users and Groups fields are available for editing:
    • Users: With the authenticated checkbox checked, click [Image RemovedImage Added] to determine which users port forwarding will be applied to, as shown in the image below. When you have finished selecting, click [Image RemovedImage Added] otherwise, click [Image RemovedImage Added] to cancel;


Image RemovedImage AddedAuthentication - Users

...

    • GroupsWith the authenticated checkbox checked, click [Image RemovedImage Added] to determine which user groups port forwarding will be applied to, as shown in the image below. When you have finished selecting, click [Image RemovedImage Added] otherwise, click [Image RemovedImage Added] to cancel;


Image RemovedImage AddedAuthentication - Group

...

Next, we will detail the Sources panel.


Sources
Anchor
sources
sources


In this panel are located the resources that allow conditioning the activation of Port Forward according to the origin of the traffic.


Image RemovedImage AddedConditions - Sources


  • Allowed Sources: Click [Image RemovedImage Added] to determine which source addresses and IPs will be allowed by port forwarding, as shown in the image below. The objects that appear in the list are created in Objects - Addresses. When you have finished selecting, click [Image RemovedImage Added] otherwise, click [Image RemovedImage Added] to cancel;


Image RemovedImage AddedSources - Allowed Sources

...

  • Blocked Sources: Click on [Image RemovedImage Added] to determine which source addresses and IPs will be blocked by port forwarding, as shown in the image below. The objects that appear in the list are created in Objects - Addresses. When you have finished selecting, click [Image RemovedImage Added] otherwise, click [Image RemovedImage Added] to cancel;


Image RemovedImage AddedSources - Blocked Sources

...

Next, we will detail the Schedule panel.


Schedule
Anchor
schedule
schedule


In this panel are located the resources that allow you to control the activation of Port Forward in a specific period.


Image RemovedImage AddedCondition - Schedule

...

Next, we will detail the Inspection tab.


Inspection 
Anchor
Inspection
Inspection


In "Inspection" we configure which inspections will be applied in port forwarding:


Image RemovedImage Added

Port Forwarding - Inspection

...

Panel
borderColor#d04437
bgColor#fffbf6

Image RemovedImage AddedWARNING: When using an SSL Inspection profile, port forwarding will only work on secure traffic, for example, when protocols are used: HTTPS, POPS, IMAPS, SMTPS and other types of encryption. Note that when creating a port forwarding in this way, the following alert message will be displayed:Image Removed

Image Added

Alerta - Redirection rules with SSL inspection will only work for services where the security protocol is supported

  • Intrusion Prevention: Allows you to select a profile and apply Intrusion Prevention in port forwarding. The profiles that appear in the list are created in UTM - Services - Intrusion Prevention;
  • Threat Blocking: Enables protection against selected threats. Each option is added as a tag, if you want to remove any option click on [Image RemovedImage Addedor select it again in the menu . To clear this field, just click on [Image RemovedImage Added]. You have the options below:
    • Abuse;
    • Anonymizers;
    • Attacks;
    • Malware;
    • Reputation;
    • Spam.


To save changes, click [Image RemovedImage Added], otherwise, click [Image RemovedImage Added] or [Image RemovedImage Added] to cancel all settings and return to the previous screen.

After saving, you will need to access the command queue [Image RemovedImage Added] and apply the changes made. For more information on the command queue access the page: UTM - Command Queue.

...

To better illustrate the procedures listed above, we will look at some examples below.