To create a port forwarding policy, do the following:

1. In the Cloud Services Portal, click Manage > Service Edge > Policies > Port Forwarding Policies.

2. Click Create.

3. On the Add New Port Forwarding Policy dialog > General tab, specify the following:

    • Name: Enter a name for the port forwarding policy. The name must not exceed 64 characters and can contain numbers, special characters, uppercase and lowercase letters, and spaces. A name can start and end with any character except a space; leading and trailing spaces are trimmed automatically.
    • Description: Describe the rule. This is optional.
    • Priority: Enter a number from 1 to 65; the default is 1. This determines the order in which the system processes the policy. The lower the number, the higher the priority.

To achieve the protection you want for your cloud infrastructure, be sure to assign the correct priority to each port forwarding policy.

To avoid unexpected behavior, do not create rules that conflict or that have the same priority. For example, if you create a rule that allows access to facebook.com with a priority of 10 and a second rule that denies access to facebook.com, also with a priority of 10, the system will process the two rules in an undefined manner.

When you add a port forwarding rule, BloxOne Service Edge permits access according to the source address, whether the traffic is originating from the WAN or LAN. You can configure multiple source addresses within one port forwarding rule, and all of them will use the ports you specify for the WAN or LAN.

Note

Routing options primarily comprise gateway rules and port forwarding rules. When configuring security rules for your service edges, consider NAT rules, port forwarding rules, and routing rules; this will ensure that they complement each other and will help avoid conflicts among them.

4. To create a port forwarding rule, do the following:

    • Navigate to the Port Forwarding Rules tab > Add Rule drop-down. 
      • Choose one of the following:
        • New Rule: Choose this to create a brand new rule. See more details below. 
        • Copy Rule: Copy an existing rule to add it to the respective policy.
          1. Click Add.
          2. Select or search for the policy that contains the specific rule.
          3. Select the rule and click Add.
          4. Add more rules to the respective policy, or click Save to continue.
      • To create a New Rule, specify the following:
        • Name: Enter a name for the port forwarding rule. The name must not exceed 64 characters and can contain numbers, special characters, uppercase and lowercase letters, and spaces. A name can start and end with any character except a space; leading and trailing spaces are trimmed automatically.
        • Nated Port: Enter the port on your gateway or router that you want to use for your forwarding communication. You can enter only a single port number.
        • Private IP Address: Enter an IPv4 address on your private LAN with which other devices or applications in the network communicate. Note that local host, multicast, and reserved IP addresses are not permitted.
        • Private Port: Enter the port on your private LAN that you want to use for port forwarding communication. You can enter only a single port number. 
        • Protocol: Choose one of the following protocols you want to use for port forwarding communication:
          • BOTH: Use both TCP and UDP.
          • TCP: TCP is a connection-oriented protocol that transmits data units by dividing them into data packets. Retransmission of lost data packets is possible only with TCP.
          • UDP: UDP is a connectionless lightweight protocol and is preferred for transferring smaller units of data.
      • Expand the Sources section and specify the following:
        • Click Add and choose one of the following from the TYPE drop-down list:
          • ANY: No IP address is specified, so any address or device can be the source.
          • IP: To specify the source, enter a specific IP address in the VALUE field.
          • Address Object Groups: From the VALUE list, select the address object that you have already configured.
          • To remove the source address from the list, select it and click Remove.
    • Click Expand All to view additional details of the rules and Collapse All to hide them.
    • Click Save.

5. Click Next to move to the Summary tab and verify that the policy is accurate.

6. Click Save & Close.
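
A pre-deployment check for a planned set of policies, as an added example that is not part of the original page and is not BloxOne tooling: it applies the constraints listed in the steps above (64-character names, priority 1 to 65 with no duplicates, single port numbers, no local host, multicast or reserved private IP) and flags rules whose source is ANY. The dictionary field names and the sample data are assumptions made for illustration, not a BloxOne export format.

```python
import ipaddress
from collections import Counter

def check_rule(rule):
    """Return problems for one rule dict (hypothetical field names)."""
    problems = []
    if len(rule["name"].strip(" ")) > 64:
        problems.append("name exceeds 64 characters after trimming")
    for key in ("nated_port", "private_port"):
        # A single number in the standard TCP/UDP port range, not a range or list.
        if not (isinstance(rule[key], int) and 1 <= rule[key] <= 65535):
            problems.append(f"{key} must be a single port number, got {rule[key]!r}")
    try:
        ip = ipaddress.IPv4Address(rule["private_ip"])
        if ip.is_loopback or ip.is_multicast or ip.is_reserved:
            problems.append(f"private_ip {ip} is local host, multicast or reserved")
    except ValueError:
        problems.append(f"private_ip {rule['private_ip']!r} is not an IPv4 address")
    if any(src["type"] == "ANY" for src in rule["sources"]):
        problems.append("source ANY: any address can reach the forwarded port; confirm intent")
    return problems

def check_policies(policies):
    """Map policy name -> list of problems; policies with none are omitted."""
    shared = Counter(p["priority"] for p in policies)
    findings = {}
    for p in policies:
        problems = []
        if not 1 <= p["priority"] <= 65:
            problems.append(f"priority {p['priority']} outside 1-65")
        elif shared[p["priority"]] > 1:
            problems.append(f"priority {p['priority']} is shared with another policy")
        for r in p["rules"]:
            problems += [f"rule {r['name']!r}: {m}" for m in check_rule(r)]
        if problems:
            findings[p["name"]] = problems
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = [
    {"name": "web-dmz", "priority": 10, "rules": [
        {"name": "https-in", "nated_port": 8443, "private_ip": "10.20.0.15",
         "private_port": 443, "protocol": "TCP", "sources": [{"type": "ANY"}]}]},
    {"name": "mgmt", "priority": 10, "rules": [
        {"name": "ssh-in", "nated_port": "2200-2210", "private_ip": "127.0.0.1",
         "private_port": 22, "protocol": "TCP", "sources": [{"type": "IP", "value": "198.51.100.7"}]}]},
]

if __name__ == "__main__":
    print(check_policies(SAMPLE))
```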

