By default, all inbound traffic received by the device for WAN IP addresses (defined in the configuration) from outside the network will be blocked. Inbound traffic will be blocked except for Routed Mode configurations. The inbound relationships between the IP addresses of WAN networks configured for NAT and the IP addresses of the LAN network of the Ecessa device are required to be defined in order to allow for inbound traffic.
The most common way to define inbound relationships is through the use of the Ecessa device Port Forwarding rules. There are two main methods for defining Port Forwarding rules on the Ecessa device which are: Multiple WANs to LAN IP and Multiple WAN IP Range to LAN IP Range. See the below examples for the Port Forwarding rules for both Routed/Translucent Mode (Routed/Translucent mode Port Forwarding rules are entered the same way) and NAT Mode configurations.
Using the Routed Mode network example (remember: the same rules would apply for a Translucent mode network), the below network map shows the rules that will map the IP addresses from the WAN line configured for NAT to IP addresses on the routed LAN.
To define a single IP pair between our two WAN connections, the Multiple WANs to LAN IP Port Forwarding rule would appear as below.
If a range of IP addresses were defined between the NAT and Routed networks, the use of the Multiple WAN IP Range to LAN IP Range Port Forwarding rule would appear as follows:
In a NAT Mode scenario there is a separate private network on the LAN of the Ecessa device. It is required to set up a relationship between both WAN networks and this private LAN.
The figure below illustrates how to build a rule using a single IP from each WAN subnet using the Multiple WANs to LAN IP Port Forwarding rule.
To define a range of IP addresses from both WAN subnets, it is necessary to utilize the Multiple WAN IP Range to LAN IP Range Port Forwarding rule depicted in the figure below.
If any of the WAN IP addresses utilized in the Port Forwarding rules are used for VPN termination, both the IPSec and PPTP checkboxes should be selected. In order to forward ICMP traffic through the Ecessa device for the WAN IP addresses defined in the Port Forwarding rule, select the ICMP checkbox. The comments field allows you to create a description for the Port Forwarding rule.
Although this section illustrates how to configure the majority of Port Forwarding scenarios, there are exceptions which are not covered in this manual. If there are any questions about how to configure Port Forwarding rules in your environment, refer to our help page, contact Ecessa Technical Support at firstname.lastname@example.org, or call (800) 669-6242 x2.