01-03-2021 10:41 AM
Hi,
I've got an RV260P router and I'm trying to understand how the Access Rules (under Firewall) interact (or don't) with Port Forwarding rules. E.g., let's say I defined a Port Forwarding rule to forward external port 3389 (from WAN) to internal port 3389 on LAN. What happens when a packet comes into WAN with port 3389 as dest? Is that packet first processed through the Access Rules table, or does it bypass Access Rules and get forwarded immediately? I'm trying to be able to restrict many of my Port Forwarding rules so that they only get forwarded if the source IP is within an IP range that I know/trust. I would think I might have to create 2 rules: first Allows 3389 if IP is within a range. Second rule would be a DENY for WAN traffic, DST=3389 any DST IP.
Or am I going about this the wrong way?
Any good Cisco docs on how these Firewall features interact with one another?
TIA,
Mike
01-03-2021 12:14 PM
Order of operation is PAT and Access Policy.
First rule should be PAT.
Second rule: allow source IP port - destination IP port.
01-03-2021 12:43 PM
Hmmm, what is PAT? I’m guessing it means Port Forwarding? If that’s correct, you’re saying to create a Port Forwarding rule. Then create an Access Rule that Allows this same port coming in on WAN - IF the SRC IP meets my criteria. Do I also create a 2nd Access Rule that Denies this same port for Any SRC IP?
01-03-2021 02:27 PM
Yes, PAT (port-forward). Yes, create port-forward and allow ACL; if you Access rule deny any should cover default.