This window lets you create a Port Forwarding and configure the masking and redirection of traffic between the buses.


To create a Port Forwarding, click on the button located at the top right:


Port Forwarding – Create Button


By clicking on this button the window below is displayed:


Port Forwarding - Creating a new Port Forwarding


The menu consists of several sections and panels:



Below we will analyze each of these sections in detail.


Policy 


In "Policy" we configure all options related to the policy of how Port Forwarding will act:


Port Forwarding - Policy


This tab is composed of the panels:

We will start by detailing the General panel.


General


This panel contains only the field for adding the policy description.



Policy - General


  • Description: Defines a description for identification;
  • Traffic Monitor: With the Traffic Monitor check box checked [], data on the information traffic of the sessions assigned to the Port Forwarding will be collected;
  • Traffic Logging: With the Traffic Logging check box checked [], logs referring to the information traffic of the sessions assigned to the Port Forwarding will be generated.


Next we will detail the panel Redirect to.


Redirect To


This panel contains the resources for configuring the redirection performed by the Port Forwarding policy.



Policy - Redirect to


  • Protocol: Defines which protocol will be used;
  • Interface: Determines which network interface will be used. The interfaces that appear in this menu are configured in Network - Interfaces;
  • Port / Range: Defines the port to be used and its range. For this field to be enabled it is necessary to add an interface in the previous field;
  • IP: Determines the IP addresses that will be used in the redirection and their respective ports. Note that for them to be displayed in this list, they must be of the "unique IP" type. Click the [] button to add the address to the list; if you want to remove an address, select it from the list and click []. For more information on how to add a "unique IP" address object, see this page.
  • Port / Range: Defines the port that will be used by the redirect IP and its respective range. For this field to be enabled it is necessary to add an IP in the previous field;
  • SNAT []: If the check box is enabled, it allows the selection of a gateway to perform NAT. For this, it is possible to select the default Gateway or an interface. The interfaces that appear in this menu are configured in Network - Interfaces;


Next we will detail the components of the "Conditions" side tab.


Conditions 


In "Conditions" we configure all the conditions on how port forwarding will work:


Port Forwarding - Conditions



This tab is composed of the panels:

We'll start by detailing the Authentication panel.


Authentication


In this panel are located the resources that allow conditioning the activation of Port Forward by authentication.


Conditions - Authentication


  • Authenticated []: This check box determines whether port forwarding will require authentication (if enabled) or not (if disabled). In addition, enabling this check box makes the Users and Groups fields available for editing:
    • Users: With the Authenticated check box checked, click [] to determine which users port forwarding will be applied to, as shown in the image below. When you have finished selecting, click []; otherwise, click [] to cancel;


Authentication - Users


    • Groups: With the Authenticated check box checked, click [] to determine which user groups port forwarding will be applied to, as shown in the image below. When you have finished selecting, click []; otherwise, click [] to cancel;


Authentication - Group


Next, we will detail the Sources panel.


Sources


In this panel are located the resources that allow conditioning the activation of Port Forward according to the origin of the traffic.



Conditions - Sources


  • Alloweds: Click [] to determine which source addresses and IPs will be allowed by port forwarding, as shown in the image below. The objects that appear in the list are created in Objects - Addresses. When you have finished selecting, click []; otherwise, click [] to cancel;


Sources - Alloweds


  • Blockeds: Click [] to determine which source addresses and IPs will be blocked by port forwarding, as shown in the image below. The objects that appear in the list are created in Objects - Addresses. When you have finished selecting, click []; otherwise, click [] to cancel;


Sources - Blockeds


Next, we will detail the Schedule panel.


Schedule


In this panel are located the resources that allow you to control the activation of Port Forward in a specific period.


Condition - Schedule


  • Time: Determines that port forwarding will be applied only according to the selected "Time" type object. The objects that appear in the list are created in Objects - Times;
  • Date: Determines that port forwarding will be applied only according to the selected "Schedule" object. The objects that appear in the list are created in Objects - Schedules;
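
To show how the "Redirect to" fields and the "Conditions" panels above fit together, here is an added Python model of a Port Forwarding policy being evaluated against inbound connections. It is example code written for this page, not the product's own implementation, and it makes a few assumptions the page does not state: a source in Blockeds is refused even if it also matches Alloweds; an empty Alloweds list means any non-blocked source; when Users or Groups are selected the authenticated user must be one of them; the external Port / Range maps onto the redirect Port / Range position by position; and a Time object is modelled as an hour window and a Schedule object as a set of weekdays. All names, addresses and interfaces are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Conditions:
    """The 'Conditions' tab: Authentication, Sources and Schedule panels."""
    authenticated: bool = False                      # 'Authenticated' check box
    users: set = field(default_factory=set)          # selected Users
    groups: set = field(default_factory=set)         # selected Groups
    allowed: list = field(default_factory=list)      # 'Alloweds' as CIDR strings
    blocked: list = field(default_factory=list)      # 'Blockeds' as CIDR strings
    hours: Optional[tuple] = None                    # 'Time' object modelled as (start_hour, end_hour)
    weekdays: Optional[set] = None                   # 'Date' object modelled as weekday numbers, Monday = 0


@dataclass
class PortForward:
    """The 'Policy' tab: General and 'Redirect to' panels."""
    description: str
    protocol: str                 # Protocol, e.g. "tcp"
    interface: str                # Interface the traffic arrives on
    ports: tuple                  # Port / Range on that interface, (low, high)
    redirect_ip: str              # IP of the 'unique IP' address object
    redirect_ports: tuple         # Port / Range on the redirect IP, (low, high)
    snat: bool = False            # SNAT check box
    conditions: Conditions = field(default_factory=Conditions)

    def __post_init__(self):
        # Assumption: both ranges must have the same width so ports map one to one.
        if self.ports[1] - self.ports[0] != self.redirect_ports[1] - self.redirect_ports[0]:
            raise ValueError("port ranges differ in width")


@dataclass
class Connection:
    """A constructed inbound connection to test the policy against."""
    protocol: str
    interface: str
    src_ip: str
    dst_port: int
    when: datetime
    user: Optional[str] = None            # None means the client is not authenticated
    groups: set = field(default_factory=set)


def _in_any(ip: str, networks: list) -> bool:
    return any(ip_address(ip) in ip_network(n) for n in networks)


def conditions_match(c: Conditions, conn: Connection) -> bool:
    # Assumption: a source listed under Blockeds is refused even if it is also allowed.
    if _in_any(conn.src_ip, c.blocked):
        return False
    # Assumption: an empty Alloweds list means any source that is not blocked.
    if c.allowed and not _in_any(conn.src_ip, c.allowed):
        return False
    if c.authenticated:
        if conn.user is None:
            return False
        # Assumption: with Users or Groups selected the user must be one of them;
        # with both empty, any authenticated user qualifies.
        if (c.users or c.groups) and conn.user not in c.users and not (conn.groups & c.groups):
            return False
    if c.hours is not None and not (c.hours[0] <= conn.when.hour < c.hours[1]):
        return False
    if c.weekdays is not None and conn.when.weekday() not in c.weekdays:
        return False
    return True


def evaluate(policy: PortForward, conn: Connection) -> Optional[dict]:
    """Return the redirect target for conn, or None if the policy does not apply."""
    if conn.protocol != policy.protocol or conn.interface != policy.interface:
        return None
    low, high = policy.ports
    if not low <= conn.dst_port <= high:
        return None
    if not conditions_match(policy.conditions, conn):
        return None
    # Assumption: the external range maps onto the internal range position by position.
    target_port = policy.redirect_ports[0] + (conn.dst_port - low)
    return {"ip": policy.redirect_ip, "port": target_port, "snat": policy.snat}


# Constructed sample policy and timestamps (all values hypothetical).
POLICY = PortForward(
    description="DMZ web farm, office hours only",
    protocol="tcp", interface="wan0", ports=(8080, 8089),
    redirect_ip="10.0.0.5", redirect_ports=(80, 89), snat=True,
    conditions=Conditions(
        allowed=["192.168.10.0/24"], blocked=["192.168.10.66/32"],
        hours=(8, 18), weekdays={0, 1, 2, 3, 4},
    ),
)
MONDAY_10AM = datetime(2024, 1, 8, 10, 0)
MONDAY_8PM = datetime(2024, 1, 8, 20, 0)
SATURDAY_10AM = datetime(2024, 1, 6, 10, 0)

if __name__ == "__main__":
    print(evaluate(POLICY, Connection("tcp", "wan0", "192.168.10.20", 8083, MONDAY_10AM)))
    print(evaluate(POLICY, Connection("tcp", "wan0", "192.168.10.66", 8083, MONDAY_10AM)))
```

Running the script prints the redirect target for the allowed host (port 8083 on wan0 lands on 10.0.0.5 port 83 with SNAT) and `None` for the blocked host. The point to check against your own rules is the ordering: a port forwarding only applies when protocol, interface and port match, and then every configured condition (sources, authentication, schedule) must also pass.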


Next, we will detail the Advanced tab.


Advanced 


In "Advanced" we configure which inspections will be applied in port forwarding:


Port Forwarding - Inspection


  • SSL Inspection: Allows you to select a profile and apply SSL Inspection in Port Forwarding. The profiles that appear in the list are created in SSL Inspection - SSL Profile;


WARNING: When using an SSL Inspection profile, port forwarding will only work on secure traffic, for example when the following protocols are used: HTTPS, POPS, IMAPS, SMTPS and other encrypted protocols. Note that when creating a port forwarding in this way, the following alert message will be displayed:

Alert - Redirection rules with SSL inspection will only work for services where the security protocol is supported

  • Intrusion Prevention: Allows you to select a profile and apply Intrusion Prevention in port forwarding. The profiles that appear in the list are created in UTM - Services - Intrusion Prevention;
  • Threat Blocking: Enables protection against the selected threats. Each option is added as a tag; to remove an option, click [] or select it again in the menu. To clear this field, just click []. The available options are:
    • Abuse;
    • Anonymizers;
    • Attacks;
    • Malware;
    • Reputation;
    • Spam.

DoS Protection

This panel contains the DoS Protection controls: 

Port Forwarding - DoS Protection Settings.


  • DoS Protection: With the DoS Protection check box checked [], it is possible to limit the maximum number of packets per second on the Firewall, mitigating distributed attacks or traffic anomalies caused by possible malware on the network.
    • Packet Rate: The Packet Rate option configures the Firewall to limit connections to a maximum number of packets per second.
    • Burst Rate: The Burst Rate option configures the Firewall to initially allow a maximum number of packets per second without validating the packet rate, relaxing traffic control for occasional peaks.
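
To make the interaction between Packet Rate and Burst Rate concrete, here is an added Python simulation (example code for this page, not the product's implementation). It models the two settings as a token bucket, which is the usual way a sustained rate plus an initial burst allowance is implemented; the page does not say which algorithm the Firewall uses, so treat that as an assumption. The arrival timestamps are constructed.

```python
class PacketRateLimiter:
    """Token-bucket model of the DoS Protection panel (assumption: the product
    may implement it differently). Tokens refill at packet_rate per second, the
    bucket holds at most burst_rate tokens, and each packet spends one token."""

    def __init__(self, packet_rate: float, burst_rate: float):
        if packet_rate <= 0 or burst_rate < 1:
            raise ValueError("packet_rate must be > 0 and burst_rate >= 1")
        self.packet_rate = float(packet_rate)
        self.burst_rate = float(burst_rate)
        self.tokens = float(burst_rate)   # starts full: the first burst passes unchecked
        self.last = None                  # timestamp of the previous packet

    def allow(self, now: float) -> bool:
        """Return True if a packet arriving at time `now` (seconds) is accepted."""
        if self.last is not None:
            elapsed = max(0.0, now - self.last)
            self.tokens = min(self.burst_rate, self.tokens + elapsed * self.packet_rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(packet_rate: float, burst_rate: float, arrivals: list) -> tuple:
    """Feed constructed arrival timestamps through the limiter; return (accepted, dropped)."""
    limiter = PacketRateLimiter(packet_rate, burst_rate)
    accepted = sum(1 for t in sorted(arrivals) if limiter.allow(t))
    return accepted, len(arrivals) - accepted


# Constructed traffic patterns (timestamps in seconds).
FLOOD = [0.0] * 200 + [1.0] * 200        # two 200-packet bursts, one second apart
STEADY = [i * 0.2 for i in range(50)]    # 5 packets per second for 10 seconds

if __name__ == "__main__":
    # Burst of 50 lets only 50 of each spike through; the rate refills 100 tokens per second.
    print("flood, rate 100 burst 50 :", simulate(100, 50, FLOOD))
    # Burst of 200 passes the first spike whole; the second is capped by the rate.
    print("flood, rate 100 burst 200:", simulate(100, 200, FLOOD))
    # A stream below the packet rate is never throttled.
    print("steady 5 pps, rate 5 burst 10:", simulate(5, 10, STEADY))
```

The two flood runs differ only in Burst Rate: with a burst of 50 each spike loses 150 packets, while a burst of 200 lets the first spike through untouched and trims only the second. When tuning these values, set Packet Rate to the sustained rate the protected service can absorb and Burst Rate to the size of a legitimate peak, not to the size of the attack you want to stop.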


To save changes, click [], otherwise, click [] or [] to cancel all settings and return to the previous screen.

After saving, you will need to access the command queue [] and apply the changes made. For more information on the command queue access the page: UTM - Command Queue.


To better illustrate the procedures listed above, we will look at some examples.
