User manual
Firewall
Configuring the UPnP Gateway
The UPnP Gateway needs to be run on a pair of interfaces, the external interface and the
internal interface.
The UPnP Gateway will send out notifications on the internal interface, advertising its
presence on the network. Any UPnP-capable applications or devices that you require to
make use of the UPnP Gateway need to be connected to the CyberGuard SG appliance
via this interface. The UPnP Gateway will listen on this interface for requests from
UPnP-capable applications and devices to establish port forwarding rules.
In response to these requests, the UPnP Gateway will establish port forwarding rules to
allow matching packets to be forwarded from the configured external interface through to
the internal interface.
Note
The port forwarding rules set up via the UPnP Gateway are temporary. Power cycling the
CyberGuard SG appliance will clear the list of configured UPnP port forwarding rules, as
will either the internal or the external interface becoming unavailable.
The UPnP Gateway is intended for transitory application port forwards, such as those
established by some versions of Microsoft Messenger for file transfers. For long-term
port forwarding, we recommend configuring the necessary rules via the Destination NAT
features in Packet Filtering.
Should there be a conflict, rules established via Packet Filtering will have priority over
those established via the UPnP Gateway.
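A request of the kind the UPnP Gateway listens for on the internal interface, with checks an administrator could apply when auditing such requests. This is an added example, not CyberGuard's code: the message follows the standard UPnP WANIPConnection AddPortMapping action, and the sample request, addresses, port and function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: an AddPortMapping SOAP body as a LAN client would send it.
SAMPLE_REQUEST = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>6891</NewExternalPort>
   <NewProtocol>TCP</NewProtocol>
   <NewInternalPort>6891</NewInternalPort>
   <NewInternalClient>192.168.0.20</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>file transfer</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:AddPortMapping>
 </s:Body>
</s:Envelope>"""

SOAP_BODY = "{http://schemas.xmlsoap.org/soap/envelope/}Body"

def parse_add_port_mapping(soap_xml):
    """Return the AddPortMapping arguments as a dict, or None for other actions."""
    body = ET.fromstring(soap_xml).find(SOAP_BODY)
    action = body[0] if body is not None and len(body) else None
    if action is None or not action.tag.endswith("}AddPortMapping"):
        return None
    return {arg.tag: (arg.text or "").strip() for arg in action}

def review_mapping(args, requester_ip, internal_net, static_dnat):
    """List the reasons an audit would flag this request (empty list: nothing flagged)."""
    findings = []
    try:
        client = ipaddress.ip_address(args.get("NewInternalClient", ""))
    except ValueError:
        return ["NewInternalClient is not an IP address"]
    if client != ipaddress.ip_address(requester_ip):
        findings.append("mapping targets a host other than the requester")
    if client not in ipaddress.ip_network(internal_net):
        findings.append("target is outside the internal network")
    key = (args.get("NewProtocol", "").upper(), args.get("NewExternalPort", ""))
    if key in static_dnat:  # set of (protocol, port) pairs from Packet Filtering
        findings.append("external port already has a Packet Filtering rule")
    if args.get("NewLeaseDuration") == "0":
        findings.append("lease duration 0 requests a mapping with no expiry time")
    return findings
```

Here `static_dnat` stands for the Destination NAT rules already configured in Packet Filtering, which the text above says take priority in a conflict.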
Port Tunnels
Port tunnels are point-to-point tunnels similar in many ways to port forwards. The
CyberGuard SG appliance supports two distinct kinds of port tunnels:
• httptunnel, which tunnels traffic using the HTTP protocol
• stunnel, which tunnels traffic using SSL
httptunnel-based tunnels are not encrypted. They are, however, rather good for
penetrating zealous firewalls.