For this example, we'll create two port forwarding policies in order to remotely manage two security webcams located on a private Sputnik-powered local area network (LAN), enabling access to the devices' local web control panels over the internet.

To create the first port forwarding policy, click on "Network Policies" from the "CONFIG" menu.

Click on "Define New Network Policy" from the Network Policies menu.

Here is an example policy to access the built-in web interface of a security camera. Fill out the following fields to create the policy:

- Name: name your policy

- Action: select "Port Forward"

- Protocol: select "TCP"

If redirecting a single port (as in this example):

- TCP or UDP Port: enter "8080"

- Redirect to Port: enter "80"

If redirecting a port range, which will redirect the range from the Sputnik-powered device to the same range on the client device:

- Starting Port: enter starting port number

- Ending Port: enter ending port number

Click "Add Policy" to save your settings.

The new port forwarding policy will appear in the network policy list.

Click on "Authentication" from the "CONFIG" menu, then select the authentication system you want to apply the policy to, or create a new one. NOTE: for port forwarding, you need to use a device authentication system, as the "client" will be a device on the private Sputnik-powered network.

Click on "Devices" from the "Authentication System" page. Enter the MAC address of the first security webcam. The webcam will automatically authenticate via its MAC address using the "Camera 1 - NE" authentication system, and be subject to network policies applied to that authentication system. Next, we'll apply the port forwarding policy we set up earlier to the "Camera 1 - NE" authentication system.

Click on "Group Policies" from the "Authentication System" menu, then click on "[Edit]".

Click the checkbox next to the name of the port forwarding policy just created, and click "Update Policies" to save your changes.

Your port forwarding policy will appear in the "all" group policies list for the "Camera 1 - NE" authentication system.

Click on "Define New Network Policy" from the Network Policies menu.

Fill out the fields as before, with a new name, and a different TCP or UDP port. Here we've entered port "8081" (vs. "8080" for the first port forwarding policy). It is important that the port numbers are different, as each will be forwarded to port 80 on a different device.

The new port forwarding policy will appear in the network policy list.

Follow the above instructions to apply the second port forwarding policy to a second device authentication system. In this example, "Camera 2 - SW" would include the MAC address of the second security webcam.

Each port forwarding policy is now assigned to a device authentication system.

Click "Routers" from the "CONFIG" menu. Select the Sputnik-powered device (router) that provides network access to the security webcams.

Click on "Policy and Authentication Overrides" from the "Edit Settings for Active Router" page. Scroll down, and click the checkboxes next to the names of the device authentication systems created previously. Click "Save Overrides" to apply settings.

Click "Edit Settings" from the "Edit Settings for Active Router" page. Scroll down, and view the policies applied to the Sputnik-powered device.

In this example, the "Camera 1 - NE" device authentication system applies "Security Camera 1" port forwarding policies; the "Camera 2 - SW" device authentication system applies "Security Camera 2" port forwarding policies. Based on the policies, port 8080 will forward to port 80 (web traffic) on security camera 1; port 8081 will forward to port 80 on security camera 2. Thus you can access these devices' web-based control panels from anywhere on the internet.

This diagram illustrates how port forwarding works for the first security webcam in the example. The port forwarding policy "Security Camera 1" applies to "all" clients of the "Camera 1 - NE" authentication system, which is applied directly to the local Sputnik-powered device (router) called "Gourmet Store 41". Based on the port forwarding policy, traffic going through port 8080 on the Sputnik-powered device will be forwarded to port 80 on the security camera, enabling access to its web-based interface from anywhere on the internet.

A different scenario: if you have a single device, for example a flat-screen display media controller, that is installed in many locations across your network, it is easy to apply standard port forwarding policies to all of them.

First, create the port forwarding policy as described above, then apply it to a device authentication system. Enter the MAC addresses of all of the media controller devices into the device authentication system, and apply the authentication system to the Sputnik-powered devices in the field. Whenever you add a new flat-screen display, simply add its controller's MAC address into the device authentication system, and apply the authentication system to the local Sputnik-powered device.