Skip to main content
Configure port forwarding
Last update:

Configure port forwarding

You can configure port forwarding (port forwarding) to access servers behind the firewall. This allows you to access the server without knowing the server's internal IP address. Users can also connect using only the ports that have been selected.

Configuring access to the server via SSH:

  1. Create virtual IP address.
  2. Create virtual IP address group.
  3. Customize security policy.

Create a virtual IP address

To create a virtual IP address (VIP):

  1. Go to Policy & ObjectsVirtual IPs and create a new virtual IP address.
  2. Specify the IP address of your firewall as the External IP Address/Range and the internal address of the server as the Mapped IP Address/Range.
  3. Enable Port Forwarding. For Protocol set the value to TCP, for External Service Port set any free port, for Map to Port set the port on which your server's SSH service is running. By default, this is port 22.

Create a group of virtual IP addresses

To add virtual IP addresses to a virtual IP group:

  1. Go to Policy & ObjectsVirtual IPs and create a new group.
  2. Set new virtual IP addresses in Members.

Customize security policy

To allow access to the server from the Internet:

  1. Go to Policy & ObjectsIPv4 Policy and create a new policy.
  2. Select the external interface as the Incoming Interface and the internal interface as the Outgoing Interface.
  3. Select a virtual IP address or group as the Destination Address.

For this policy, NAT is disabled so that the server sees the source addresses of the sources it receives. This is the preferred parameter.