Skip to content

Authenticated Port Forwarding

About this Document

In this document, we explain how to configure authenticated port forwarding on the AXS GUARD appliance. We use the RDP protocol as an example. This document was last updated on 1 Oct 2018.


  1. Log in to the appliance and go to Network > NAT > Port Forwarding.

  2. Add an new port forwarding rule for RDP. This will automatically create a stat-portforward rule under Firewall > Policies > Static.


  3. Go to Firewall > Rules > Through.

  4. Create an additional firewall rule rdp-drop.


  5. Create a new dynamic firewall policy rdp-allow-pol.

  6. Add the pf-rdp rule created in step 2 to the policy.


  7. Add the new dynamic policy rdp-allow-pol to the group of which the user is a member.


  8. Create a new static firewall policy drop-rdp-in.

  9. Add the rdp-drop rule created in step 4 to the policy.

  10. Place the policy above the static policy stat-portforward.


  11. Go to Authentication > General and enable Use secure Firewall and Web Access authentication.


  12. Go to Network > NAT > Port redirection.

  13. Create a port redirection rule as shown below.


  14. Point your browser to the WAN IP of the AXS Guard appliance and log in, e.g. https://x.x.x.x/login. You will be redirected to port 86.

  15. Leave the browser window open.

The user is assigned an additional firewall policy (rdp-allow-pol) which is only activated when the user is authenticated.