Port Forwarding
How to create port forwarding policies that enable "outside" internet access to devices (e.g. security webcams, flat-screen display media controllers, local servers, printers, etc.) on private Sputnik-powered local area networks (LANs).
Log into SputnikNet, then navigate to the network policies overview.
For this example, we'll create two port forwarding policies in order to remotely manage two security webcams located on a private Sputnik-powered local area network (LAN), enabling access to the devices' local web control panels over the internet.
To create the first port forwarding policy, click on "Network Policies" from the "CONFIG" menu.
Add a new port forwarding network policy.
Configure the port forwarding policy.
Here is an example policy to access the built-in web interface of a security camera. Fill out the following fields to create the policy:
- Name: name your policy
- Action: select "Port Forward"
- Protocol: select "TCP"
If redirecting a single port (as in this example):
- TCP or UDP Port: enter "8080"
- Redirect to Port: enter "80"
If redirecting a port range (each port in the range on the Sputnik-powered device is forwarded to the same port on the client device):
- Starting Port: enter starting port number
- Ending Port: enter ending port number
Click "Add Policy" to save your settings.
Review the port forwarding policy.
Select an authentication system.
Add the webcam's MAC address to the first device authentication system.
Click on "Devices" from the "Authentication System" page. Enter the MAC address of the first security webcam. The webcam will automatically authenticate via its MAC address using the "Camera 1 - NE" authentication system, and be subject to network policies applied to that authentication system. Next, we'll apply the port forwarding policy we set up earlier to the "Camera 1 - NE" authentication system.
Edit the "all" group.
Add the port forwarding policy to the device authentication system's "all" group.
Review group policies.
Add a second port forwarding network policy.
Configure the port forwarding policy.
Review the port forwarding policy.
Apply the second port forwarding policy to a different device authentication system.
Review port forwarding policies.
Select the Sputnik-powered device you want to apply the port forwarding policies to.
Apply the device authentication overrides to the Sputnik-powered device.
Review the Sputnik-powered device's network policies.
Click "Edit Settings" from the "Edit Settings for Active Router" page. Scroll down, and view the policies applied to the Sputnik-powered device.
In this example, the "Camera 1 - NE" device authentication system applies "Security Camera 1" port forwarding policies; the "Camera 2 - SW" device authentication system applies "Security Camera 2" port forwarding policies. Based on the policies, port 8080 will forward to port 80 (web traffic) on security camera 1; port 8081 will forward to port 80 on security camera 2. Thus you can access these devices' web-based control panels from anywhere on the internet.
Network policy chain.
This diagram illustrates how port forwarding works for the first security webcam in the example. The port forwarding policy "Security Camera 1" applies to "all" clients of the "Camera 1 - NE" authentication system, which is applied directly to the local Sputnik-powered device (router) called "Gourmet Store 41". Based on the port forwarding policy, traffic arriving on port 8080 of the Sputnik-powered device is forwarded to port 80 on the security camera, enabling access to its web-based interface from anywhere on the internet.
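As an added example (not SputnikNet code or output), the Python below models the two policies from this walkthrough and audits the policy set applied to one Sputnik-powered device for two things: external ports claimed by more than one policy, and forwards that land on an unencrypted service such as HTTP on port 80. The `Forward` class, the `audit` function and the third camera entry are assumptions made for the illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

# Well-known unencrypted services; logins sent to these cross the internet in the clear.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP"}

@dataclass(frozen=True)
class Forward:
    name: str                       # policy name
    protocol: str                   # "TCP" or "UDP"
    start: int                      # external port, or "Starting Port" of a range
    end: int                        # same as start for a single port
    redirect: Optional[int] = None  # "Redirect to Port"; None for a range

    def internal_ports(self):
        # A range is forwarded to the same ports on the client device.
        if self.redirect is None:
            return range(self.start, self.end + 1)
        return range(self.redirect, self.redirect + 1)

def audit(policies):
    """Return sorted (kind, detail) findings for policies applied to one router."""
    findings = set()
    for p in policies:
        if not 1 <= p.start <= p.end <= 65535:
            findings.add(("bad-port", p.name))
        for port, service in CLEARTEXT.items():
            if port in p.internal_ports():
                findings.add(("cleartext", f"{p.name} -> {service}/{port}"))
    # Each external port on the router can be forwarded to only one device.
    for a, b in combinations(policies, 2):
        overlap = a.start <= b.end and b.start <= a.end
        if a.protocol == b.protocol and overlap:
            findings.add(("collision", f"{a.name} / {b.name}"))
    return sorted(findings)

# The two policies from this page, as applied to one Sputnik-powered device.
PAGE_POLICIES = [
    Forward("Security Camera 1", "TCP", 8080, 8080, redirect=80),
    Forward("Security Camera 2", "TCP", 8081, 8081, redirect=80),
]
# Constructed mistake: a third camera that reuses external port 8080.
CONSTRUCTED_BAD = PAGE_POLICIES + [Forward("Security Camera 3", "TCP", 8080, 8080, redirect=80)]

if __name__ == "__main__":
    for kind, detail in audit(CONSTRUCTED_BAD):
        print(kind, detail)
```

For the page's two policies the audit reports no collision, which is why the second camera uses 8081, and it reports both forwards as reaching plain HTTP on the cameras.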
Port forwarding to devices in multiple locations.
A different scenario: if you have a single type of device, for example a flat-screen display media controller, installed in many locations across your network, it is easy to apply standard port forwarding policies to all of them.
First, create the port forwarding policy as described above, then apply it to a device authentication system. Enter the MAC addresses of all of the media controller devices into the device authentication system, and apply the authentication system to the Sputnik-powered devices in the field. Whenever you add a new flat-screen display, simply add its controller's MAC address into the device authentication system, and apply the authentication system to the local Sputnik-powered device.