How do I configure firewall and port forward settings on Datto Routers?

Question

How do I configure firewall and port forward settings on Datto Routers?

Environment

  • Datto Network Manager

Answer

Accessing firewall configuration options

1. In the Datto Network Manager Navigation menu, click Manage, then select Routers from the expanded options.

Figure 1: The Navigation menu

2. Click the name of the router you want to configure.

Figure 2: The Routers page

3. Select Firewall from the expanded router options in the Navigation menu.

Figure 3: Expanded router option

Configuring router options

Port forwards

This section lets you forward a specific port from the router's WAN interface to an IP address on your LAN. For example, you could enable outside access to an internally hosted web server by adding a port forwarding entry with:

  • an Incoming Port and Destination Port of 80.
  • the Destination IP of the server's local LAN IP address.

You can configure the following port forward options:

  • Device name: The hostname of the device requesting access
  • Incoming port: The port through which traffic from the internet will enter the router. You can also specify a range of ports (e.g., 1000-2000). Incoming ports and destination ports should be the same unless otherwise specified.
  • Protocol: The transfer protocol forwarded traffic will use (TCP, UDP, or all)
  • Destination IP: The internal address of the forwarded traffic
  • Destination port: The port on the internal device through which forwarded traffic will travel
  • Add/Remove: Adds or removes a port forwarding rule

Figure 4: Port forwards
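
A way to sanity-check planned port forward entries before typing them into the form, using the fields listed above. This is an added example, not Datto code or a Datto export format: the dict layout, the function names, the max_range threshold and the assumption that the LAN uses RFC 1918 addressing are all hypothetical.

```python
import ipaddress

# Field names follow the port forward options above. The dict layout, the
# RFC 1918 LAN assumption and max_range are this example's own assumptions.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ports(spec):  # '80' or '1000-2000' -> inclusive (low, high)
    parts = str(spec).strip().split("-")
    try:
        low, high = int(parts[0]), int(parts[-1])
    except ValueError:
        low = high = 0  # rejected by the range check below
    if len(parts) > 2 or not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port or range: {spec!r}")
    return low, high

def review_port_forward(rule, max_range=16):
    """Return review findings for one planned port forward entry."""
    try:
        incoming = parse_ports(rule.get("incoming_port", ""))
        destination = parse_ports(rule.get("destination_port", ""))
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if incoming != destination:
        findings.append("incoming and destination ports differ")
    if incoming[1] - incoming[0] + 1 > max_range:
        findings.append(f"range exposes {incoming[1] - incoming[0] + 1} ports")
    if str(rule.get("protocol", "")).lower() == "all":
        findings.append("protocol 'all' forwards both TCP and UDP")
    try:
        ip = ipaddress.ip_address(rule.get("destination_ip", ""))
        if not any(ip in net for net in RFC1918):
            findings.append("destination IP is not an RFC 1918 LAN address")
    except ValueError:
        findings.append("destination IP is not a valid address")
    return findings

# Constructed sample entries, not taken from a real router.
SAMPLE_RULES = [
    {"device_name": "web", "incoming_port": "80", "protocol": "TCP",
     "destination_ip": "192.168.1.20", "destination_port": "80"},
    {"device_name": "app", "incoming_port": "1000-2000", "protocol": "all",
     "destination_ip": "192.168.1.30", "destination_port": "1000-2000"},
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule["device_name"], review_port_forward(rule) or "ok")
```

An empty findings list means the entry matches the guidance above; any finding is a prompt to confirm the exposure is intended before adding the rule.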

Custom traffic policies

This feature requires D200 firmware release 1.0.7 or later.

This section lets you configure access control lists (ACLs) to allow or deny traffic movement through the router. You can use these to:

  • control where internal traffic can go.
  • use port forwarding entries to control what internal resources traffic from the internet can reach.

You can configure the following custom traffic policy options:

  • Policy name: A descriptive name letting admins know the policy's purpose
  • Action: Specify the action to take (block or allow)
  • Protocol: Specify the protocol to which the policy applies (TCP, UDP, or all)
  • Source IP: Designate an originating external IP address to which the policy will apply
  • Incoming port: Specify a port through which allowed traffic would enter the network
  • Destination IP: Specify an individual IP address or range of internal IP addresses that can receive permitted traffic
  • Destination port: Designate a port on the device through which to receive allowed traffic
  • Add/Remove: Adds or removes a custom traffic policy