Controlling Inbound Traffic with Remote Port Forwarding

Remote Port Forwarding helps to open inbound connections from the Internet. It directs TCP/UDP traffic from the Internet to specific internal resources in your organization through the Cato Cloud. Remote Port Forwarding allows the defined external IP addresses to access the internal resources.

Use the Cato Management Application (Network > Remote Port Forwarding) to configure remote port forwarding rules for your account. When you create a remote port forwarding rule, select the allocate IP address for this rule. And then define the internal IP address and port of the resource, and the allowed remote IPs. You can also use the Tracking option to generate email notifications for forwarded traffic.

Since these rules allow inbound traffic from the Internet, we strongly recommend that you configure an IP address (or IP range) for the Allowed Remote IPs. Using the setting 0.0.0.0/0 allows ANY inbound traffic and is a significant security risk. The following screenshot shows an example of a rule that enables connectivity for all inbound traffic to an FTP server:

This screenshot shows the same rule that has been made secure and only allows access from the IP address 66.249.66.61 to the FTP server:

Cato Networks lets you manage the network bandwidth and QoS by assigning priority for different types of traffic. If you configure a Remote Port Forwarding (RPF) for your account, the RPF traffic is assigned automatically with the default QoS priority which is the lowest - 255.  The reason that RPF is assigned the default priority is to let you easily assign higher priority to other types of traffic. You can't change the default priority for the RPF rule. For more details about bandwidth Management, see What are the Cato Bandwidth Management Profiles.

For more information about remote port forwarding, see Configuring Remote Port Forwarding for the Account.