Configuring Port Forwarding Rules

Port forwarding sends a TCP/IP packet that traverses a Network Address Translation (NAT) gateway to a predetermined network port on a host within a NAT-masqueraded network (typically a private network). The destination is chosen based on the port number on which the gateway received the packet from the originating host.

Use the Port Forwarding page to assign a port number to a service that is associated with the application that you want to run, such as web servers, FTP servers, email servers, or other specialized Internet applications.

Note

 • Up to 64 port forwarding rules can be configured on the security appliance. You must create firewall rules to allow access so that the port forwarding rules can function properly.

 • To open an internal FTP server to the Internet, make sure that the FTP server is listening on TCP port 21. If the FTP server is listening on some other TCP port, both the FTP server and the FTP client must use active mode. Otherwise, the FTP client cannot access the FTP server.

 1. Click Firewall > NAT > Port Forwarding.

 2. To enable a port forwarding rule, check the box in the Enable column.

 3. To add a port forwarding rule, click Add.

Other options: To edit an entry, click the Edit (pencil) icon. To delete an entry, click the Delete (x) icon. To delete multiple entries, check them and click Delete.

The Port Forwarding Rule - Add/Edit window opens.

 4. Enter the following information:

 • Original Service: Choose an existing service as the incoming service.

 • Translated Service: Choose a service as the translated service, or choose Original if the translated service is the same as the incoming service. If the service that you want is not in the list, choose Create a new service to create a new service object. To maintain the service objects, go to the Networking > Service Management page. See Service Management, page 157.

NOTE: One-to-one translation will be performed for port range forwarding. For example, if you want to translate an original TCP service with the port range of 50000 to 50002 to a TCP service with the port range of 60000 to 60002, then the port 50000 will be translated to the port 60000, the port 50001 will be translated to the port 60001, and the port 50002 will be translated to the port 60002.

 • Translated IP: Choose the IP address of your local server that needs to be translated. If the IP address that you want is not in the list, choose Create a new address to create a new IP address object. To maintain the IP address objects, go to the Networking > Address Management page. See Address Management, page 155.

 • WAN: Choose either WAN1 or WAN2, or both as the incoming WAN port.

 • WAN IP: Specify the public IP address of the server. You can use the IP address of the selected WAN port or a public IP address that is provided by your ISP. When you choose Both as the incoming WAN port, this option is grayed out.

 • Enable Port Forwarding: Click On to enable the port forwarding rule, or click Off to create the port forwarding rule without enabling it.

 • Create Firewall Rule: Check this box to automatically create a firewall rule to allow access so that the port forwarding rule can function properly. You must manually create a firewall rule if you uncheck this box.

NOTE: If you choose Both as the incoming WAN port, a firewall rule from Any zone to Any zone will be created accordingly.

 • Description: Enter the name for the port forwarding rule.

 5. Click OK to save your settings.

 6. Click Save to apply your settings.
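
The following Python is an added example, not part of the appliance documentation: it audits a planned rule list against the conditions this page states (the 64-rule limit, one-to-one range translation, the Any-to-Any firewall rule created for Both, manually created firewall rules, and FTP on a port other than 21). The Rule record, the app label, the function names and the sample rules are assumptions made for illustration, not a device export format.

```python
from dataclasses import dataclass

MAX_RULES = 64  # limit stated on this page

@dataclass
class Rule:
    """Hypothetical record; fields mirror the Add/Edit window, not a device export."""
    description: str
    original: tuple          # (first_port, last_port) of the Original Service
    translated: tuple        # (first_port, last_port) of the Translated Service
    wan: str                 # "WAN1", "WAN2" or "Both"
    create_firewall_rule: bool = True
    app: str = ""            # assumed label for the published application, e.g. "ftp"

def translate_port(rule, port):
    """One-to-one range translation: the offset inside the original range is kept."""
    first, last = rule.original
    if not first <= port <= last:
        raise ValueError(f"port {port} is outside {first}-{last}")
    return rule.translated[0] + (port - first)

def audit(rules):
    """Return (description, finding) pairs for the conditions this page calls out."""
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(("*", f"{len(rules)} rules exceed the limit of {MAX_RULES}"))
    for r in rules:
        if r.original[1] - r.original[0] != r.translated[1] - r.translated[0]:
            findings.append((r.description, "range sizes differ, no one-to-one mapping"))
        if not r.create_firewall_rule:
            findings.append((r.description, "firewall rule must be created manually"))
        elif r.wan == "Both":
            findings.append((r.description, "automatic firewall rule is Any zone to Any zone"))
        if r.app == "ftp" and r.translated != (21, 21):
            findings.append((r.description, "FTP not on TCP 21: active mode required"))
    return findings

# Constructed sample rules (not taken from a real appliance).
SAMPLE = [
    Rule("range-fwd", (50000, 50002), (60000, 60002), "WAN1"),
    Rule("web", (443, 443), (8443, 8443), "Both"),
    Rule("ftp-alt", (2121, 2121), (2121, 2121), "WAN2", create_firewall_rule=False, app="ftp"),
    Rule("bad-range", (7000, 7010), (9000, 9005), "WAN1"),
]

if __name__ == "__main__":
    print([translate_port(SAMPLE[0], p) for p in range(50000, 50003)])
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Rules flagged for an Any zone to Any zone firewall rule are the ones to review first, since that automatically created rule is the broadest one this page describes.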