Configure Port-Forwarding Rules

---

This guide was created for advanced users and IT administrators who need to configure network settings to connect a cloud-based web-app to a hardware management application running on private networks. The primary objective was to provide a vendor-agnostic, step-by-step process for a task that is often difficult to troubleshoot. The content is direct, concise, and emphasizes security by highlighting the critical firewall steps needed to secure their internal network. A mermaid.js diagram is included to help visualize the network architecture.

As this piece involves connections between two vendors, I’ve redacted company information to preserve their brand integrity.


When you purchase Product A, you will have been advised that Product A must be able to connect to your Product B system. If you need to connect Product A to a Product B system that does not have a public IP address or connection to the internet, you have two main options:

  1. Run Product A from an on-premises server that can communicate directly through your network. In this case, Product A runs from a container on a server you manage that is on the same local network as Product B. Unfortunately, this makes configuring and upgrading Product A more difficult and you will require a different license.
  2. Configure your network to allow for communication between Product A and Product B. A common way to do this is by port forwarding traffic/packets received at a public IP address and port to Product B’s private IP address and port. You can then use a firewall to secure this IP address and add Product A’s IP address to the list of approved IP addresses for incoming or outgoing traffic as needed.

This article is meant to serve as an explanation of the general process for port forwarding rules. Specific steps will vary based on your vendors and network security, and this work will likely involve collaboration with your security or IT teams.

What is port forwarding?

You’re likely familiar with IP addresses: an IP address specifies the location of a device on a network, and it can be public or private. A port is a numerical identifier for a particular application or service running on your device. For example, ports 80 and 443 are commonly used to handle requests for web servers (HTTP and HTTPS).

If you need to follow the process detailed in this article, your Product B instance is running on a server which has a private IP address. When a device on your local network communicates with Product B it sends a request to both the IP address and the port(s) associated with particular services in Product B. Devices outside of this network will be unable to find this address.

Your local network also has a router. A router manages traffic on your local network, coordinating and sending requests between devices connected together on your network. Port forwarding refers to configuring a rule for your router to send traffic that arrives at a particular IP address and port on to a different IP address and port on the network. As part of configuring this rule, you will configure a public IP address and port that external services can communicate with. To secure the public IP address, you use a firewall and a list of permitted IP addresses (“allowlist”).

Your Product B installation will have two layers of security:

  1. The port forwarding rule
  2. The firewall which limits traffic to the public IP address

You can visualize this setup below, where Product B is in a secure, separate network, and Product A is connected to your router:

Architectural diagram of the port-forwarding rule architecture and packet traffic flows.

How does port forwarding help Product A communicate with Product B?

Product A is an application that is hosted on a server listed on the public internet. Access to Product A is controlled through user login and authentication protocols. Product A has its own public IP address, and any requests from Product A will originate from that address. When you specify the connection to Product B in Product A, you will provide the port and URL/IP address for the public IP address that was created on your router. Your router will then “forward” traffic from Product A to Product B. To ensure that your public IP address is secure, you must configure a firewall that allows traffic from Product A’s IP address to connect to your router.

How do I configure port forwarding?

Your network configuration steps are determined by your business’s network hardware. You might be able to handle all configuration directly in your router. You might need to set up a second device that is connected to the internet. It is difficult to provide instructions for all network configurations, so consider this article as broad steps that might differ based on your network hardware and services.

At minimum, these instructions assume that you have the following items configured or available:

  • Product B running on a server, isolated on a local network
  • Your network is operated on a router that has access to the internet
  • A firewall service
  • The IP address for your Product A instance

To configure port forwarding rules, you will need to take the following broad steps:

  1. Identify the IP address and port(s) used by Product B (port 1353 by default)
  2. Create the port forwarding rule:
    1. Access your router’s administrative interface, typically by entering your router’s IP address into a browser on a computer connected to the same network.
    2. Find “Port Forwarding”, “Virtual Servers”, or a similar section.
    3. Create a new port forwarding rule. These will frequently require the following information:
      1. External Port: This is the public port that Product A will connect to (you can use the same number as the internal port, but double check your network configuration!).
      2. Internal Port: The port that Product B’s service is listening on (e.g., 1433).
      3. Internal IP Address: The private IP address of the machine hosting Product B.
      4. Protocol: Typically TCP.
      5. Action: Allow.
    4. Important: This will directly expose Product B to the internet on the chosen port. If there is an option to leave the rule inactive, and turn it on later, you should exercise that option.
  3. Firewall configuration settings: This is absolutely necessary to mitigate risks associated with step 2, and should be done immediately.
    1. Access your firewall’s administration settings. This could be the router’s built-in firewall or a separate application.
    2. Create a new firewall rule with the following settings:
      1. Direction: Inbound and outbound.
      2. Source IP Addresses: The public IP address for Product A. Only allow traffic from the specific IP address associated with Product A.
      3. Destination IP Addresses: This is the public IP address configured with your port forwarding rule, not the private IP address associated with your Product B server.
      4. Destination Port: The external port configured in the port forwarding rule.
      5. Protocol: Typically TCP.
      6. Action: Allow.
    3. Activate the rule. This step is critical to protect your Product B instance from receiving traffic from external services. It is your primary defense against unauthorized access to this system.
  4. Activate and test your connections: If you haven’t activated the port forwarding rule, do so. You will want to test by making sure that Product A can connect to the public IP address and port specified in step 3, and test that another IP address is unable to send traffic through the public port.
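
The two layers from steps 2 and 3, modelled as an added example (not part of the original article or either vendor's software): `route` shows which sources reach Product B, and `audit` flags a forward that anything other than Product A's address can reach. The rule classes, function names and addresses are hypothetical, constructed values, and the model assumes a forward with no covering firewall rule is unfiltered, as the step 2 warning states.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ForwardRule:        # step 2: the router's port-forwarding rule
    external_port: int
    internal_ip: str
    internal_port: int
    protocol: str = "tcp"
    active: bool = True   # lets the rule stay off until the firewall is ready

@dataclass(frozen=True)
class FirewallRule:       # step 3: allow rule on the public address
    source: str           # address or CIDR permitted to connect
    dest_ip: str          # the public IP, not Product B's private IP
    dest_port: int        # external port of the forwarding rule
    protocol: str = "tcp"

def covering(firewall, dst_ip, port, proto):  # rules for this public IP/port/protocol
    return [r for r in firewall if r.dest_ip == dst_ip
            and r.dest_port == port and r.protocol == proto]

def route(src, dst_ip, port, proto, firewall, forwards):
    """Return (internal_ip, internal_port) if the packet reaches Product B, else None."""
    fwd = next((f for f in forwards if f.active and f.external_port == port
                and f.protocol == proto), None)
    rules = covering(firewall, dst_ip, port, proto)
    src_ok = any(ipaddress.ip_address(src) in ipaddress.ip_network(r.source) for r in rules)
    # Assumption: with no covering rule the forward is unfiltered (the step 2 warning).
    if fwd is None or (rules and not src_ok):
        return None
    return (fwd.internal_ip, fwd.internal_port)

def audit(public_ip, product_a_ip, firewall, forwards):
    """Flag active forwards that anything other than Product A's address can reach."""
    findings = []
    for f in (f for f in forwards if f.active):
        rules = covering(firewall, public_ip, f.external_port, f.protocol)
        if not rules:
            findings.append(f"{f.external_port}/{f.protocol}: forwarded with no firewall rule")
        for r in rules:
            if ipaddress.ip_network(r.source) != ipaddress.ip_network(product_a_ip):
                findings.append(f"{f.external_port}/{f.protocol}: allows {r.source}")
    return findings

# Constructed sample values (documentation address ranges, not from the article).
PUBLIC_IP, PRODUCT_A, OTHER = "203.0.113.10", "198.51.100.25", "192.0.2.77"
FORWARDS = [ForwardRule(1353, "192.168.10.20", 1353)]
FIREWALL = [FirewallRule(PRODUCT_A, PUBLIC_IP, 1353)]
```

An empty `audit` result corresponds to the outcome step 4 tests for: Product A's address is forwarded and any other source is dropped.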

Best practices

This article describes a common network configuration that allows Product B to communicate with Product A. Please remember that your team is responsible for securing your network, and should regularly do the following things:

  • Regularly update your router and firewall software.
  • Audit the list of allowed IP addresses.
  • Conduct security checks and penetration testing.

If you have any questions about how we secure Product A, please reach out to our support team!