NAT filter by TOD

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

NAT filter by TOD

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
NAT filter by TOD
NAT filter by TOD
2023-05-15 14:09:52
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.3.0 Build 20230322 Rel.70951

Is it possible to restrict inbound NAT rules by TOD?  I want to only allow certain NAT's during certain hours.  I can't seem to figure out how to tie a Time Range profile to the NAT configuration, if this is even possible.

 

Thanks..

  0      
  0      
#1
Options
7 Reply
Re:NAT filter by TOD
2023-05-15 16:04:04

  @ocbroadband 

 

Not in the NAT rule itself, but you can create a time-based ACL to block access to the NAT port from whatever group of IP's you deem unfit.

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#2
Options
Re:NAT filter by TOD
2023-05-15 17:05:49

  @d0ugmac1 Hmm.. I see that I can block an IP range, but not a specific port.  The goal is that I have a NAT/PAT setup for access, but I only want it accesible during the day. I don't see where I can pick just the port only the entire IP address.

  0  
  0  
#3
Options
Re:NAT filter by TOD
2023-05-15 17:13:51

  @d0ugmac1 Actually, I think I figured it out.

  0  
  0  
#4
Options
Re:NAT filter by TOD
2023-05-15 17:19:31
Looks good. Does it test out ok?
<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#5
Options
Re:NAT filter by TOD
2023-05-15 19:06:08

  @d0ugmac1 I'll have to check it later when I get home. I can VPN out and try to come back in from another PC and see what happens.  Thanks for the advise.

  0  
  0  
#6
Options
Re:NAT filter by TOD
2023-05-17 17:27:50

  @d0ugmac1 Well, tried this out, and it did not block the traffic during the timeframes with the deny in place.  Not sure if this is a bug or if I'm not configuring it correctly.

  0  
  0  
#7
Options
Re:NAT filter by TOD
2023-05-17 18:13:57

  @ocbroadband 

 

Hmm, how about blocking the return path, ie block port 3389 outbound during your time window?

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#8
Options