NSG Security Gateways support UPNP

steves
steves Posts: 7
edited April 2021 in Nebula

Do the NSG security gateways, such as the NSG100, support UPNP port forwarding?

All Replies

  • Zyxel_Chris
    Zyxel_Chris Posts: 484  Zyxel Employee

    Hello @steves

    NSG don't support UPNP in current stage, I will put this idea to our feature queue and also move this post to the idea section anyone who likes this can leave your comment or press like button below.☺️


    /Chris

    Chris
  • Desley
    Desley Posts: 3
    edited November 2019

    @Nebula_Chris I would like to use upnp, because my customers use it for their music

  • Alfonso
    Alfonso Posts: 257  Master Member

    Upnp is a security risk.

    A virus, Trojan horse, worm, or other malicious program that manages to infect a computer on your local network can use UPnP, just like legitimate programs can. While a router normally blocks incoming connections, preventing some malicious access, UPnP could allow a malicious program to bypass the firewall entirely. 

    So my recommendation is not supporting Upnp.


    Regards

  • In an enterprise or business situation, I agree... But we have a fair number of larger residential customers that want a managed network and UPnP is very beneficial in that environment. I was not looking for a blanket solution for all customers, but the Nebula product is priced properly to do managed residential networks, both single family and multi-family dwellings, and UPnP is beneficial with a multitude of gaming and mutlimedia applications used often in homes and some of the other possible security issues are alleviated with the built in content and security measures of the NSG appliances.

    It is a "wish list" item though.

  • Alfonso
    Alfonso Posts: 257  Master Member


    Hi @steves

    A "fair" solution could be:

    • UPnP will be disabled by default
    • Before enable it, a warning message could be showed.


    Please, do not see me as a boycott of your idea.


    Regards

  • I am more than fine with this as a solution, as not having it enabled would be more common than having it enabled. We probably install these 85% in enterprise scenarios and 15% in residential, so having it disabled by default would be better but it would sure be nice to have that for the residential installations.

  • Zyxel_Chris
    Zyxel_Chris Posts: 484  Zyxel Employee

    Hello @steves and Alfonso,

    Thanks for your suggestion and share the business background information for us, noted it and will keep collecting the feedback on this post.?

    Chris

Nebula Tips & Tricks