Port Forwarding Rules Configuration

Dashboard Location: Security and SD-WAN > Configure > Firewall > Forwarding rules

External Port Access Management

Port forwarding rules configuration in Meraki appliances enables the redirection of external traffic from specific public ports to internal hosts and services, providing controlled external access to internal resources without requiring dedicated public IP addresses. This functionality allows organizations to efficiently expose internal services such as web servers, databases, and applications to external clients while maintaining network security through source IP restrictions and protocol controls. Port forwarding is essential for cost-effective service deployment, supporting legacy applications that require specific port access, and enabling remote access to internal systems while conserving public IP address resources.

Diagram

Classes

firewall (meraki.domains.organizations.networks.appliance)

Name	Type	Constraint	Mandatory	Default Value
port_forwarding_rules	List	`[port_forwarding_rules]`	No

port_forwarding_rules (meraki.domains.organizations.networks.appliance.firewall)

Name	Type	Constraint	Mandatory	Default Value
name	String	min: `1`, max: `127`	No
lan_ip	IP		Yes
uplink	Choice	`both`, `internet1`, `internet2`, `internet3`	No
public_port	Any	Integer[min: `1`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
local_port	Any	Integer[min: `1`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
allowed_ips	List	Any[IP or String[matches: `[Aa]ny`]]	Yes
protocol	Choice	`tcp`, `udp`	Yes

Examples

Example-1: The example below demonstrates port forwarding rules configuration using tested YAML configuration from pipeline fixtures.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                firewall:
                  port_forwarding_rules:
                    - name: "Port Forwarding Rule 1"
                      lan_ip: "192.168.128.10"
                      uplink: both
                      public_port: 8080
                      local_port: 80
                      allowed_ips:
                        - "192.168.1.1"
                      protocol: tcp
                    - name: "Port Forwarding Rule 2"
                      lan_ip: "192.168.128.20"
                      uplink: both
                      public_port: 8081
                      local_port: 80
                      allowed_ips:
                        - "192.168.1.1"
                      protocol: tcp