Port Forwarding

Port forwarding is a vital feature of the EnGenius Cloud Gateway, enabling external users to access services on your private network. This feature directs traffic coming to specific TCP or UDP ports on the internet-facing interface of the gateway to designated internal IP addresses. Port forwarding is particularly beneficial for networks without a pool of public IP addresses, as it allows multiple servers to be accessible from a single public IP address.

Example of port forwarding configuration

Illustration of port forwarding configuration

Configuring Port Forwarding

  1. Access the Gateway’s Configuration Interface

    • Log into your EnGenius Cloud account and navigate to the 'Configure/Gateway/Firewall' section.

  2. Navigate to the Port Forwarding Section

    • Within the Firewall configuration page, select the Port Forwarding tab.

  3. Configure Port Forwarding Rules

    • Add a New Rule: Start by adding a new port forwarding rule. This usually involves specifying the external port that will receive incoming traffic on the gateway’s public IP address.

    • Specify Internal IP and Port: Enter the internal IP address of the device that should receive the forwarded traffic, along with the port number on which the internal device is set to listen.

    • Select Protocol: Choose whether the rule applies to TCP or UDP protocols, depending on the requirements of the service you are forwarding to.

    • Apply Changes: Save or apply the changes to activate the port forwarding rule.

  4. Repeat for Multiple Services

    • If you need to forward different ports to different internal IP addresses, repeat the process for each service. This setup allows multiple applications or servers (like web servers, game servers, or file servers) to be accessible from the same public IP address but on different specified ports.

  5. Test and Verify Connectivity

    • After setting up your port forwarding rules, test each service from an external network to ensure that traffic is directed to the right internal devices. Use tools like port checkers or direct service access attempts to verify that the setup works as expected.

Best Practices for Port Forwarding

  • Security Considerations: Since port forwarding exposes internal services to the internet, ensure that these services are secured and regularly updated to prevent unauthorized access.

  • IP Address Stability: Use static IP addresses for devices receiving forwarded traffic to prevent issues related to DHCP address changes.

  • Ports can be specified individually or as a range.

  • Port ranges must be written with a hyphen; comma-separated lists are not allowed.

  • When mapping a range of public ports to a range of local ports, the ranges must be of equal length.

    • For example, public ports 8000-8300 must be mapped to local ports 8000-8300.

  • It is not possible to forward a single TCP or UDP port to multiple LAN devices using port forwarding.

Additional Considerations

If a port forward is configured for UDP ports 500 or 4500 to a specific server, the ESG will redirect all non-EnGenius site-to-site and L2TP/IPsec client VPN traffic to the LAN IP specified in the port forward.

The EnGenius SecuPoint SSL VPN client, which uses TCP port 443, may experience similar issues. Traffic intended for the SSL VPN client will be rerouted to the LAN IP specified in the port forward, potentially disrupting the VPN connection.
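
The port-format rules listed under Best Practices and the VPN port conflicts described in Additional Considerations can be checked against a planned rule set before it is entered in the Port Forwarding tab. The Python linter below is an added example, not EnGenius code: the rule tuple layout, the names `parse_ports` and `lint_rules`, and the sample rules are assumptions made for illustration.

```python
import ipaddress

IPSEC = "site-to-site and L2TP/IPsec client VPN"  # VPN port use as stated on the page
VPN_PORTS = {("udp", 500): IPSEC, ("udp", 4500): IPSEC, ("tcp", 443): "SecuPoint SSL VPN client"}

def parse_ports(spec):
    """Return (low, high) for '8080' or '8000-8300'; reject comma lists."""
    if "," in spec:
        raise ValueError(f"comma-separated list not allowed: {spec!r}")
    parts = spec.split("-")
    low, high = int(parts[0]), int(parts[-1])
    if len(parts) > 2 or not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port range: {spec!r}")
    return low, high

def lint_rules(rules):
    """Check (protocol, public_ports, lan_ip, local_ports) tuples; return findings."""
    findings, claimed = [], []  # claimed: (proto, low, high, lan_ip) per parsed rule
    for n, (proto, public, lan_ip, local) in enumerate(rules, 1):
        proto = proto.lower()
        try:
            if proto not in ("tcp", "udp"):
                raise ValueError(f"protocol must be TCP or UDP, got {proto!r}")
            ipaddress.ip_address(lan_ip)
            p_lo, p_hi = parse_ports(public)
            l_lo, l_hi = parse_ports(local)
        except ValueError as exc:
            findings.append(f"rule {n}: {exc}")
            continue
        if p_hi - p_lo != l_hi - l_lo:
            findings.append(f"rule {n}: public and local ranges differ in length")
        for c_proto, c_lo, c_hi, c_ip in claimed:  # same port to a second LAN device?
            if c_proto == proto and p_lo <= c_hi and c_lo <= p_hi and c_ip != lan_ip:
                findings.append(f"rule {n}: {proto.upper()} {public} already forwarded to {c_ip}")
        claimed.append((proto, p_lo, p_hi, lan_ip))
        for (v_proto, v_port), service in VPN_PORTS.items():
            if v_proto == proto and p_lo <= v_port <= p_hi:
                findings.append(f"rule {n}: takes {proto.upper()} {v_port} away from {service}")
    return findings

SAMPLE_RULES = [  # constructed sample rule set, not from the page
    ("TCP", "8000-8300", "192.168.1.10", "8000-8300"),
    ("TCP", "8080", "192.168.1.20", "80"),
    ("UDP", "500", "192.168.1.30", "500"),
    ("TCP", "80,443", "192.168.1.40", "80,443"),
    ("TCP", "9000-9010", "192.168.1.50", "9000-9005"),
]

if __name__ == "__main__":
    print("\n".join(lint_rules(SAMPLE_RULES)))
```

Rule 1 of the sample passes; each of the other four triggers one finding. A range that merely contains 443, 500 or 4500 is flagged as well, since the whole range is forwarded.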
