Step 1: Enabling Remote Port Forwarding
- Login Cato portal.
- From the navigation menu, click Network > Remote Port Forwarding.
3. Click the Disabled slider. The slider is green to indicated that RPF is enabled.
4. Click Save. RPF is now enabled for the account.
Step 2: Defining Remote Port Forwarding Rules
- From the navigation menu, click Network > Remote Port Forwarding.
- Click New. The Add Rule panel opens.
3. Enter the Name for the rule.
(Optional) Select Forward ICMP to enable forwarding ICMP messages for this rule.
4. In the External section, define the Cato allocated External IP and External Port Range for the ports monitored by the PoP.
5. In the Internal section, enter the Internal IP address to which the traffic is forwarded and the Internal Port range.
6. In the Remote IPs section, select if this rule is an Allow List or Block List.
To define the only traffic that is ALLOWED to connect to the host:
Select Allow List.
Select the Traffic Sources based on the IP or Subnet. These are the IP addresses and ranges that are allowed to perform RPF to the host.
Click (Add) to add more allowed remote IPs.
To allow all traffic to this host, and define sources that are BLOCKED and can’t connect to it:
Select Block List.
Select the Traffic Sources based on the IP or Subnet. These are the IP addresses and ranges that are blocked and can’t perform RPF to the host.
Click (Add) to add more blocked remote IPs.
(Optional) Define email notifications, for the traffic that matches the rule. For more information, see Working with Email Notifications for the Account.
Click Apply. The rule is added.
Click Save. The RPF rule is added to your account.