Inbound port forwarding

Inbound port forwarding allows external computers on the internet to access devices in the local network through the same IP (Internet Protocol) address. Normally this feature is used with static IP address assignment, but it can be used with any of the IP address configuration modes for the WAN (Wide Area Network) ports of the Exinda SD-WAN (Software-Defined Wide Area Network). Inbound port forwarding is not recommended for the Pass Through mode of operation on WAN interface 1, since this function, if required, would already be handled by the legacy network that was kept intact without any changes during the installation.

By default, all inbound Internet traffic is blocked, except for ICMP (Internet Control Message Protocol) traffic. Selected inbound Internet traffic can be allowed or blocked by configuring one or more forwarding rules. To configure a rule for forwarding inbound Internet traffic, select the Firewall tab, and click Add Firewall Rule. Select Inbound as the Direction.

To configure a rule for forwarding inbound Internet traffic, an Interface must also be specified on the pop-up menu. You can specify ALL WAN, which means that traffic from all WAN interfaces, wired or cellular, is the target of the rule. Alternatively, a forwarding rule for a single WAN interface can be specified in the drop-down menu. For cellular WAN interfaces to become available, the corresponding cellular WAN interface should be configured first. In addition, if any remote LAN (Local Area Network) connections have been configured (with the optional VLL feature), they also appear in the menu as possible targets of the forwarding rule.

Traffic from a specific protocol or from all protocols can be specified as the target of the forwarding rule by selecting under Protocol/Action. TCP (Transmission Control Protocol), UDP (User Datagram Protocol), ICMP, IPSec (Internet Protocol Security), and PPTP (Point-to-Point Tunneling Protocol) are available, as is Any, which is interpreted as all protocols. A specific protocol other than the above can also be specified by selecting Other and entering the corresponding protocol number.

Adding an inbound forwarding rule causes the targeted traffic to be forwarded to the Local IP address designated in the pop-up menu, unless the Discard option is selected, in which case the targeted traffic is discarded.

Specifying a WAN port number causes all traffic destined to the specified port to be forwarded to the specified Local IP address. More generally, a range of WAN ports can also be specified by designating a second WAN port, which is the end of the port range. The forwarded traffic is delivered to the same destination port unless a LAN port is specified, in which case it is delivered to the specified LAN port.

A Global IP address may also optionally be specified, which signifies that only traffic destined to the specified Global IP address should be forwarded to the specified Local IP address.

A text string can also be entered in Notes, so that the operator can record the reason for or context of the forwarding rule.

After specifying all desired conditions in a forwarding rule for inbound traffic, click Add to load the forwarding rule into the Exinda SD-WAN. Multiple forwarding rules can be added to provide more flexible forwarding of traffic. If a forwarding rule that was added previously needs to be deleted, click Delete next to the listed forwarding rule. If a forwarding rule needs to be edited, the rule can first be deleted and the modified rule can then be entered as before. The Exinda SD-WAN processes arriving traffic by sequential application of the specified forwarding rules. This means that if there are conflicts in the forwarding rules, the forwarding rule nearest the top of the list takes precedence. By default, the list of forwarding rules is ordered so that rules entered earlier are lower in the list, so the most recently added rule always takes precedence.
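The top-down, first-match ordering described above can be modelled to check a rule list for entries that a later, broader addition has silently overridden. This is an added example, not Exinda code: the field names, the `shadowed` helper, and the sample interface, addresses and ports are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:  # field names are hypothetical, modelled on the options the page lists
    interface: str                      # "ALL WAN" or one WAN interface
    protocol: str                       # "TCP", "UDP", "ICMP", ... or "Any"
    wan_port: Optional[int] = None      # start of WAN port range (None = all ports)
    wan_port_end: Optional[int] = None  # end of range (None = single port)
    local_ip: Optional[str] = None
    lan_port: Optional[int] = None      # None = keep the original destination port
    global_ip: Optional[str] = None     # None = any Global IP
    discard: bool = False
    notes: str = ""

    def ports(self):
        if self.wan_port is None:
            return (0, 65535)
        return (self.wan_port, self.wan_port_end or self.wan_port)

def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    (alo, ahi), (blo, bhi) = a.ports(), b.ports()
    return (a.interface in ("ALL WAN", b.interface)
            and a.protocol in ("Any", b.protocol)
            and a.global_ip in (None, b.global_ip)
            and alo <= blo and bhi <= ahi)

def add_rule(rules, rule):
    rules.insert(0, rule)               # most recently added rule sits at the top

def evaluate(rules, iface, proto, dst_ip, dst_port):
    """Apply rules top-down; the first match decides. Returns (action, ip, port)."""
    packet = Rule(iface, proto, dst_port, global_ip=dst_ip)
    for rule in rules:
        if covers(rule, packet):
            if rule.discard:
                return ("discard", None, None)
            return ("forward", rule.local_ip, rule.lan_port or dst_port)
    # No rule matched: default policy blocks everything except ICMP
    return ("allow" if proto == "ICMP" else "block", None, None)

def shadowed(rules):
    """Rules that can never fire because a rule above them covers them."""
    return [b for i, b in enumerate(rules) if any(covers(a, b) for a in rules[:i])]

def sample_rules():                     # constructed sample, not from the page
    rules = []
    add_rule(rules, Rule("WAN1", "TCP", 3389, local_ip="192.168.1.50", notes="remote desktop"))
    add_rule(rules, Rule("ALL WAN", "TCP", 3000, 4000, discard=True, notes="drop range"))
    return rules
```

In the sample, the discard rule was added second, so it sits above the single-port forward and `shadowed` reports the forward as unreachable; adding the two rules in the opposite order leaves both effective.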

Here is an example scenario for a user accessing his desktop remotely:

[Figure: Example scenario for a user accessing his desktop remotely]