Configuration of port forwarding

Last adaptation to the version: 12.6.0

New:
  • Updated for the redesign of the web interface
This article refers to a Beta version
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Firewall / Packet Filter


Use of port forwarding

Many companies do not have a subnet with external IP addresses available. All computers are in a private network and are connected behind the IP of the router.
Port forwarding is used to forward requests on specific ports directed to the router's public IP to the internal server so that it can be reached from the Internet.

  • Network objects and services only need to be created if they do not already exist on the firewall in the form described here.
  • Objective: To make an internal server accessible from the Internet.


Configuration of the appliance

Create network object

For simple port forwarding, the server must first be created as a network object.
This is done under Firewall / Network Objects with the Add object button.

Caption          Value               Description
Name:            Server              Assign a unique name
Type:            Host                Select Host as type
Address:         192.168.176.11/---  Enter the IP address of the server
Zone:            dmz0                The internal zone in which the server is located must be selected here. In the example dmz0.
Save and close                       Save the network object and close the dialog.

  • The target must be a network object of type Host with an IP address, otherwise the rule may have no effect.

Create firewall rules

A firewall rule with destination NAT must be created so that external users can also access the server.
This is done under Firewall / Packetfilter with the Add Rule button.
The rule must then be created as follows:

Caption          Value               Description
General
Source:          Internet            Allows the Internet as the source of the data packet
Target:          Server              Allows the server to be the destination of the data packet
Service:         https               Desired service with its assigned port
Action:          ACCEPT              Forwards the packet
NAT
Type:            DESTNAT             Select destination NAT
Networkobject:   external-interface  Network object that performs the translation of the IP addresses, i.e. the "NATing"
Service:         https               Uses the selected service in the local destination network

  • The target must be a network object of type Host with an IP address, otherwise the rule may have no effect.
  • Then the Update rules button must be clicked. After the last setup step has been completed, port forwarding is active.
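
A check to run once the rule is active, as an added example that is not part of the original article or of the appliance's own tooling: from a host on the Internet side, it confirms that the forwarded https service answers and that a port the rule was not meant to expose does not. The function names, the script name and the choice of 11115 (the default web interface port named above) as the port that should stay unreachable are assumptions; adjust both sets to your own intent.

```python
import socket
import sys

# Assumptions, not taken from the article: this runs on a host outside the UTM
# (Internet side) and the UTM's public IP or name is given on the command line.
FORWARDED = {443}        # https, the service forwarded to the network object "Server"
NOT_FORWARDED = {11115}  # default port of the UTM web interface named in the article


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' (reset) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable network, ...
        return "filtered"


def audit(host, forwarded, not_forwarded, timeout=3.0):
    """Return (port, state, message) for every port that deviates from the intent."""
    findings = []
    for port in sorted(forwarded):
        state = probe(host, port, timeout)
        if state != "open":
            findings.append((port, state, "forwarded service is not reachable"))
    for port in sorted(not_forwarded):
        state = probe(host, port, timeout)
        if state == "open":
            findings.append((port, state, "port is reachable but was not meant to be"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_forwarding.py <public IP or name of the UTM>")
    results = audit(sys.argv[1], FORWARDED, NOT_FORWARDED)
    for port, state, message in results:
        print(f"{port}/tcp {state}: {message}")
    sys.exit(1 if results else 0)
```

An empty result (exit code 0) means the exposure matches the rule as configured; any finding is worth comparing against the packet filter rule set before the server goes into production.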