The WAN (corporate network) and LAN (machine network) sides of the CloudVPN router are separated by the internal firewall. However, you can allow local WAN to LAN traffic by adding a port forwarding. This way you can access the machine from inside the local corporate network without having to establish a VPN connection first.
How it works: when you are inside the local corporate network, you access the CloudVPN router's WAN IP address at a specific network port (e.g. 5900 for VNC traffic). The CloudVPN router's port forwarding will then forward the network traffic to a target IP address and network port, resulting in a connection with the target device (PLC, HMI, or other).
Important: before you continue
- It is recommended to set a static WAN IP address for your CloudVPN router to maintain long-term accessibility.
- Port forwarding has no effect on the VPN connection.
The next steps show you how to add port forwarding.
- Open the CloudVPN Portal Fleet Manager, which is accessible via the Apps menu in the top right corner if you are currently in a different CloudVPN Portal app.
- Go to Devices in the left menu and select the device concerned.
- Go to Network in the left menu and select the [Firewall] subcategory.
- Go to the WAN → LAN section and select [Add port forwarding].
- Enter the requested information (details below) and click on [Add].
Field | Description |
---|---|
External port | All incoming network traffic at this port (at CloudVPN router's WAN) will be forwarded. The port number is application dependent. For example, VNC applications use port 5900 by default. Search online or contact the manufacturer for the correct port number. |
Target IP address | The IP address to which the traffic needs to be forwarded. |
Target port | The port number to which the traffic needs to be forwarded. Often the same as the "External port". |
You have now made the changes in the CloudVPN Portal, but these are not yet active in your device. You will need to push your changes to your device for them to take effect.
- Click [Push config to device] in the top right corner.
Tip: Multiple VNC servers
If you're adding port forwarding for more than one VNC server, simply increase the external port by 1 for each consecutive port forwarding (5900, 5901, 5902, etc.). Keep the target port at 5900.

Using the example network above, the Workstation is on the Corporate Network / WAN side of the CloudVPN using the 172.168.10.X network, while the LAN behind the CloudVPN is using 192.168.10.X. Because of the built-in firewall on the CloudVPN, we do not allow access from WAN → LAN. For example, if you wish to read the Modbus driver on the X2 HMI, you can set up port forwarding on the CloudVPN:

External Port: 8502 (any unused port, user defined)
Target IP: 192.168.10.254 (IP of X2)
Target Port: 502 (default Modbus TCP port)
Once you set it up, on your workstation you can do a MODBUS query like the following:
IP: 172.168.10.254 (WAN IP of CloudVPN)
Port: 8502
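
The query described above can be checked from the workstation with a short script that sends one Modbus TCP "Read Holding Registers" request through the port forwarding and validates the reply. This is an added example, not part of the original article or the vendor's tooling; the unit ID, start address and register count are assumptions, and the sample reply in the last lines is constructed.

```python
import socket
import struct

# IP and port come from the example above; unit, start and count are assumptions.
WAN_IP, EXTERNAL_PORT = "172.168.10.254", 8502


def build_read_request(tid, unit, start, count):
    """MBAP header (transaction id, protocol 0, length, unit) + PDU for function 0x03."""
    pdu = struct.pack(">BHH", 0x03, start, count)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_read_response(frame, tid, count):
    """Return the register values, or raise ValueError on a malformed or error reply."""
    if len(frame) < 9:
        raise ValueError("short frame")
    r_tid, proto, length, _unit, func = struct.unpack(">HHHBB", frame[:8])
    if r_tid != tid or proto != 0 or length != len(frame) - 6:
        raise ValueError("MBAP header mismatch")
    if func == 0x83:  # exception reply: request function code with the high bit set
        raise ValueError(f"Modbus exception code {frame[8]}")
    if func != 0x03 or frame[8] != 2 * count or len(frame) != 9 + 2 * count:
        raise ValueError("unexpected response")
    return list(struct.unpack(f">{count}H", frame[9:]))


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed by peer")
        buf += chunk
    return buf


def read_registers(host=WAN_IP, port=EXTERNAL_PORT, unit=1, start=0, count=2, tid=1):
    """Send one read to the CloudVPN WAN IP and return the forwarded device's reply."""
    with socket.create_connection((host, port), timeout=3.0) as s:
        s.sendall(build_read_request(tid, unit, start, count))
        header = _recv_exact(s, 6)
        length = struct.unpack(">HHH", header)[2]
        return parse_read_response(header + _recv_exact(s, length), tid, count)


if __name__ == "__main__":
    # Constructed reply carrying registers [17, 4660]; parsed offline, no network needed.
    print(parse_read_response(bytes.fromhex("00010000000701030400111234"), 1, 2))
```

Call `read_registers()` on the workstation once the configuration has been pushed to the device; a timeout or refused connection means the port forwarding is not active on the WAN side.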