How do I configure firewall and port forward settings on Datto Routers?

Question

Environment

Datto Network Manager

Answer

Accessing firewall configuration options

1. In the Datto Network Manager Navigation menu, click Manage, then select Routers from the expanded options.

Figure 1: The Navigation menu

2. Click the name of the router you want to configure.

Figure 2: The Routers page

3. Select Firewall from the expanded router options in the Navigation menu.

Figure 3: Expanded router option

Configuring router options

Port forwards

This section lets you forward a specific port from the router's WAN interface to an IP address on your LAN. For example, you could enable outside access to an internally-hosted web server by adding a port forwarding entry with:

an Incoming Port and Destination Port of 80.
the Destination IP of the server's local LAN IP address.

You can configure the following port forward options:

Device name: The hostname of the device requesting access
Incoming port: The port through which traffic from the internet will enter the router. You can also specify a range of ports (e.g., 1000-2000). Incoming ports and destination ports should be the same unless otherwise specified
Protocol: The transfer protocol forwarded traffic will use (TCP, UDP, or all)
Destination IP: The internal address of the forwarded traffic
Destination port: The port on the internal device through which forwarded traffic will travel
Add/Remove: Adds or removes a port forwarding rule

Figure 4: Port forwards

Custom traffic policies

This feature requires D200 firmware release 1.0.7 or later.

This section lets you configure access control lists (ACLs) to allow or deny traffic movement through the router. You can use these to:

control where internal traffic can go.
use port forwarding entries to control what internal resources traffic from the internet can reach.

You can configure the following custom traffic policy options:

Policy name: A descriptive name letting admins know the policy's purpose
Action: Specify the action to take (block or allow)
Protocol: Specify the protocol to which the policy applies (TCP, UDP, or all)
Source IP: Designate an originating external IP address to which the policy will apply
Incoming port: Specify a port through which allowed traffic would enter the network
Destination IP: Specify an individual IP address or range of internal IP addresses that can receive permitted traffic
Destination port: Designate a port on the device through which to receive allowed traffic
Add/Remove: Adds or removes a custom traffic policy

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.