Port Forwarding Rules Configuration
Dashboard Location: Security and SD-WAN > Configure > Firewall > Forwarding rules
External Port Access Management
Port forwarding rules configuration in Meraki appliances enables the redirection of external traffic from specific public ports to internal hosts and services, providing controlled external access to internal resources without requiring dedicated public IP addresses. This functionality allows organizations to efficiently expose internal services such as web servers, databases, and applications to external clients while maintaining network security through source IP restrictions and protocol controls. Port forwarding is essential for cost-effective service deployment, supporting legacy applications that require specific port access, and enabling remote access to internal systems while conserving public IP address resources.
Classes
Section titled “Classes”firewall (meraki.domains.organizations.networks.appliance)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| port_forwarding_rules | List | [port_forwarding_rules] | No | |
port_forwarding_rules (meraki.domains.organizations.networks.appliance.firewall)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| lan_ip | IP | | Yes | |
| uplink | Choice | both, internet1, internet2, internet3 | No | |
| public_port | Any | Integer[min: 1, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| local_port | Any | Integer[min: 1, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| allowed_ips | List | Any[IP or String[matches: [Aa]ny]] | Yes | |
| protocol | Choice | tcp, udp | Yes | |
Examples
Example-1: The example below demonstrates port forwarding rules configuration.
This configuration enables external access to internal services through port-based traffic forwarding. The example includes port mappings, protocol specifications, access controls, and uplink selection to ensure secure and reliable service exposure. The configuration defines two port forwarding rules that allow controlled external access to internal servers while maintaining security via allowed IP restrictions.
The first rule, “Port Forwarding Rule 1”, redirects external traffic from public port 8080 to local port 80 (HTTP) on the internal server at LAN IP 192.168.128.10 using the TCP protocol. Access is restricted to the single source address 192.168.1.1, which suits services such as staging or administrative web servers that require limited access.
The second rule, “Port Forwarding Rule 2”, forwards external traffic from public port 8081 to local port 80 on a different internal server at LAN IP 192.168.128.20, also using TCP. Access is restricted to 192.168.1.1, ensuring only authorized clients can reach the server. Both rules use uplink: both, which applies the forwarding across all WAN connections, including primary and backup links, ensuring continuous service availability during failover scenarios. This setup provides reliable and secure external access to critical internal services while maintaining tight access control and failover resiliency.
```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                firewall:
                  port_forwarding_rules:
                    - name: "Port Forwarding Rule 1"
                      lan_ip: "192.168.128.10"
                      uplink: both
                      public_port: 8080
                      local_port: 80
                      allowed_ips:
                        - "192.168.1.1"
                      protocol: tcp
                    - name: "Port Forwarding Rule 2"
                      lan_ip: "192.168.128.20"
                      uplink: both
                      public_port: 8081
                      local_port: 80
                      allowed_ips:
                        - "192.168.1.1"
                      protocol: tcp
```
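The constraints in the port_forwarding_rules table can be checked before a configuration is pushed, and rules that admit every source can be flagged for review. The following is an added example, not part of this page's data model or of any Meraki tooling; the names `is_ip`, `audit_rules` and `SAMPLE` are hypothetical, and it assumes the rules have already been loaded from YAML into Python dictionaries.

```python
import ipaddress

UPLINKS = {"both", "internet1", "internet2", "internet3"}
PROTOCOLS = {"tcp", "udp"}

def is_ip(value):
    """True for an IPv4/IPv6 address given as a string."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return isinstance(value, str)

def audit_rules(rules):
    """Return (rule_index, severity, message) findings for port_forwarding_rules."""
    out = []
    for i, r in enumerate(rules):
        if "name" in r and not 1 <= len(r["name"]) <= 127:
            out.append((i, "error", "name must be 1-127 characters"))
        if not is_ip(r.get("lan_ip")):
            out.append((i, "error", "lan_ip is mandatory and must be an IP"))
        if "uplink" in r and r["uplink"] not in UPLINKS:
            out.append((i, "error", "uplink is not an allowed choice"))
        if r.get("protocol") not in PROTOCOLS:
            out.append((i, "error", "protocol is mandatory: tcp or udp"))
        for key in ("public_port", "local_port"):
            # Integer form only: the string pattern is cut off on the page,
            # so string-valued ports are passed through unchecked.
            if isinstance(r.get(key), int) and not 1 <= r[key] <= 65535:
                out.append((i, "error", f"{key} must be within 1-65535"))
        allowed = r.get("allowed_ips") or []
        if not allowed:
            out.append((i, "error", "allowed_ips is mandatory"))
        for src in allowed:
            if src in ("any", "Any"):
                # Valid per the schema, but removes the source restriction.
                out.append((i, "warn", "allowed_ips 'any' admits every source"))
            elif not is_ip(src):
                out.append((i, "error", f"allowed_ips entry {src!r} is invalid"))
    return out

# Constructed sample: rule 0 is the page's first rule, rule 1 is deliberately bad.
SAMPLE = [
    {"name": "Port Forwarding Rule 1", "lan_ip": "192.168.128.10", "uplink": "both",
     "public_port": 8080, "local_port": 80, "allowed_ips": ["192.168.1.1"], "protocol": "tcp"},
    {"name": "", "lan_ip": "not-an-ip", "uplink": "wan9", "public_port": 70000,
     "local_port": 80, "allowed_ips": ["any", "10.0.0.300"], "protocol": "icmp"},
]
```

Calling `audit_rules(SAMPLE)` returns no findings for rule 0 and a list of errors plus one `warn` for rule 1; treating `warn` findings as a review gate keeps unrestricted forwards from being merged unnoticed.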