How do I configure firewall and port forward settings on Datto Routers?
- Datto Network Manager
Accessing firewall configuration options
1. In the Datto Network Manager Navigation menu, click Manage, then select Routers from the expanded options.
2. Click the name of the router you want to configure.
3. Select Firewall from the expanded router options in the Navigation menu.
Configuring router options
This section lets you forward a specific port from the router's WAN interface to an IP address on your LAN. For example, you could enable outside access to an internally-hosted web server by adding a port forwarding entry with:
- an Incoming Port and Destination Port of 80.
- the Destination IP of the server's local LAN IP address.
You can configure the following port forward options:
- Device name: The hostname of the device requesting access
- Incoming port: The port through which traffic from the internet will enter the router. You can also specify a range of ports (e.g., 1000-2000). Incoming ports and destination ports should be the same unless otherwise specified
- Protocol: The transfer protocol forwarded traffic will use (TCP, UDP, or all)
- Destination IP: The internal address of the forwarded traffic
- Destination port: The port on the internal device through which forwarded traffic will travel
- Add/Remove: Adds or removes a port forwarding rule
Custom traffic policies
This section lets you configure access control lists (ACLs) to allow or deny traffic movement through the router. You can use these to:
- control where internal traffic can go.
- use port forwarding entries to control what internal resources traffic from the internet can reach.
You can configure the following custom traffic policy options:
- Policy name: A descriptive name letting admins know the policy's purpose
- Action: Specify the action to take (block or allow)
- Protocol: Specify the protocol to which the policy applies (TCP, UDP, or all)
- Source IP: Designate an originating external IP address to which the policy will apply
- Incoming port: Specify a port through which allowed traffic would enter the network
- Destination IP: Specify an individual IP address or range of internal IP addresses that can receive permitted traffic
- Destination port: Designate a port on the device through which to receive allowed traffic
- Add/Remove: Adds or removes a custom traffic policy