Allowing Inbound Access

Inbound access describes IP packet connections from hosts on a lower security network to hosts on a higher security network. These connections include communication from the Wide Area Network (Internet) to hosts on a private LAN (Intranet) inside the Demilitarized Zone (DMZ), as well as connections between DMZ zones (intranet-to-intranet).

Inbound access allows remote devices to connect to specific devices that have a private IP address within the higher security private Local Area Network (LAN) and that would otherwise not be routable from the lower security network.

Allowing inbound access can be achieved by applying a static NAT translation and an optional access rule to permit IP packets for a specific address and port pair (Outside IP Address, Outside IP Port) on the lower security network to be redirected to a specific address and port pair on the higher security network (Inside IP Address, Inside IP Port).

To provision a static NAT

When configuring the mesh and replicating over a wide area network, complete these steps in order to provision a static NAT.

  1. Open your networking gateway’s configuration page in a browser or similar application.

  2. If authentication is enabled on your networking gateway, provide the correct credentials to continue.

  3. Find the Port Redirection configuration setting. Each networking gateway will be slightly different. The port redirection configuration settings may be labeled "Port Forwarding", "NAT access configuration", "Virtual Servers", or found under "Advanced Settings".

  4. Create a custom entry:

    1. Enter a name for the mapping.

    2. Choose the protocol type. For OneXafe Mesh connections this should be TCP.

    3. Select the External and Internal ports you wish to map. For OneXafe nodes the internal port 40000 is used.

    4. Select the External and Internal IP addresses you wish to map.
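
The mapping built in the steps above, modelled as an added example (not vendor code) that checks an entry against the values this page gives (TCP, internal port 40000) and shows how a static NAT with an optional access rule decides whether an inbound packet is redirected. The class name, the IP addresses and the modelling of the access rule as a list of permitted source networks are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticNat:
    name: str
    protocol: str
    outside_ip: str
    outside_port: int
    inside_ip: str
    inside_port: int
    # Optional access rule, modelled here as permitted source networks (assumption).
    allowed_sources: tuple = ()

    def validate(self):
        """Return a list of findings for the entry; an empty list means none."""
        findings = []
        if self.protocol.upper() != "TCP":
            findings.append("protocol should be TCP for OneXafe Mesh connections")
        if self.inside_port != 40000:
            findings.append("OneXafe nodes use internal port 40000")
        for label, port in (("outside", self.outside_port), ("inside", self.inside_port)):
            if not 1 <= port <= 65535:
                findings.append(f"{label} port out of range")
        if not ipaddress.ip_address(self.inside_ip).is_private:
            findings.append("inside IP should be a private LAN address")
        if not self.allowed_sources:
            findings.append("warning: no access rule, any source can reach the node")
        return findings

    def translate(self, src_ip, dst_ip, dst_port, protocol="TCP"):
        """Return (inside_ip, inside_port) for a matching inbound packet, else None."""
        wanted = (self.protocol.upper(), self.outside_ip, self.outside_port)
        if (protocol.upper(), dst_ip, dst_port) != wanted:
            return None  # not addressed to the mapped outside address/port pair
        if self.allowed_sources:
            src = ipaddress.ip_address(src_ip)
            if not any(src in ipaddress.ip_network(n) for n in self.allowed_sources):
                return None  # access rule does not permit this source
        return (self.inside_ip, self.inside_port)

if __name__ == "__main__":
    # Constructed sample entry using documentation address ranges.
    rule = StaticNat("onexafe-mesh", "TCP", "203.0.113.10", 40000,
                     "192.168.1.50", 40000, ("198.51.100.0/24",))
    print(rule.validate())
    print(rule.translate("198.51.100.7", "203.0.113.10", 40000))
    print(rule.translate("192.0.2.9", "203.0.113.10", 40000))
```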