Allowing Inbound Traffic Using the WAN IP Address

Use Case: You host a FTP server on your LAN. You want to open the FTP server to Internet by using the IP address of the WAN1 port. Inbound traffic is addressed to your WAN1 IP address but is directed to the FTP server.

Solution: Perform the following tasks to complete the configuration:

1. Go to the Networking > Address Management page to create a host address object with the IP 192.168.75.100 called “InternalFTP.”

2. Go to the Firewall > NAT > Port Forwarding page to create a port forwarding rule as follows.

Original Service	FTP-CONTROL
Translated Service	FTP-CONTROL
Translated IP	InternalFTP
WAN	WAN1
WAN IP	WAN1_IP
Enable Port Forwarding	On

3. Or go to the Firewall > NAT > Advanced NAT page to create an advanced NAT rule as follows.

From	WAN1
To	DEFAULT
Original Source Address	ANY
Original Destination Address	WAN1_IP
Original Services	FTP-CONTROL
Translated Source Address	ANY
Translated Destination Address	InternalFTP
Translated Services	FTP-CONTROL

4. Then go to the Firewall > Access Control > ACL Rules page to create a firewall rule as follows to allow access:

From Zone	WAN
To Zone	LAN
Services	FTP-CONTROL
Source Address	ANY
Destination Address	InternalFTP
Match Action	Permit

Note When you create the port forwarding rule, you can check Create Firewall Rule to automatically generate the firewall rule.