RVxxx routers: How do Access Rules and Port Forwarding rules interact?

ReedMikel · ‎01-03-2021

Hi,

I've got a RV260P router and I'm trying to understand how the Access Rules (under Firewall) interact (or don't) with Port Forwarding rules? e.g. let's say I defined a Port Forwarding rule to forward external port 3389 (from WAN) to internal port 3389 on LAN. What happens when a packet comes into WAN with port 3389 as dest? Is that packet first processed thru the Access Rules table, or does it bypass Access Rules and get forwarded immediately? I'm trying to be able to restrict many of my Port Forwarding rules so that they only get forwarded if the source IP is within an IP range that I know/trust. I would think I might have to create 2 rules: first Allows 3389 if IP is within a range. Second rule would be a DENY for WAN traffic, DST=3389 any DST IP.

Or am I going about this the wrong way?

Any good Cisco docs on how these Firewall features interact with one another?

TIA,

Mike

balaji.bandi · ‎01-03-2021

Order of operation is PAT and Access Policy.

First rule should be PAT

Seconds rule allow source IP port - destination IP Port allow.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ReedMikel · ‎01-03-2021

Hmmm, what is PAT? I’m guessing it means Port Forwarding? If that’s correct, you’re saying to create a Port Forwarding rule. Then create an Access Rule that Allows this same port coming in on WAN - IF the SRC IP meets my criteria. Do I also create a 2nd Access Rule that Denies this same port for Any SRC IP?

balaji.bandi · ‎01-03-2021

yes PAT(port-forward) yes create port-forward and allow ACL, if you Acess rule deny any should cover default.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help