Problems port forwarding on USG20W VPN

elkrust Posts: 24  Freshman Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Security
I am no super techie, but I have enabled port forwarding on many residential style routers in the past but the interface for the USG20W VPN has stumped me. Here's my scenario. Essentially I would like to forward port 22 to a device on my internal LAN at I have a VDSL Modem, and the Zyxel is configured for PPoE. Everything else works fine except for this one and only incoming service I require. I have tried Port Forwarding via the Easy Setup/Port Forwarding route (no joy), then tried to edit the Policy Control for that entry but no joy either. I have put the device in the DNZ - no joy. I am running the latest version on the firmware (as of Nov 2017). Any guidance would be greately appreciated. Thanks in advance.

All Replies

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Normaly there are only two steps to configure NAT from the extranet to your internal network.

    Step 1
    Configure NAT rule from external (WAN) - Port 22 to the destination Network (internal-device-IP) and the internal Port (e.g. also 22). cofigure tcp and/or udp as required.

    Step 2
    Configure a security ploicy (firewall rule) from WAN to DMZ (if located in the DMZ) and source IP = any / Destination IP = the LAN IP from your device / Port = 22
    If you are connecting from internal networks to the device, too - please checkup the NAT Loopback option.

  • andi
    andi Posts: 4  Freshman Member
    First Comment
    edited November 2017
    Dear elkrust,

    some time ago I have had a very similar issue: I was opening ports for the game For Honor  and couldn't understand hot to do it properly. In the end I asked for help at zyxel support site: I did receive a very complete answer and was able to solve my issue. From there I took some notes and wrote them down for future use. Have a look:

    Hope this helps. 

    Best regards,

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited November 2017
    Hello elkrust,
    Just want to confirm your request first, do you want to type the IP address with port number on the web browser to access server?(Remote client access to local server?)
    Secondly, the Port 22 already used by SSH service by default, so if possible, you should change the port which no service occupy.
    Here is an similar example of setting as your reference.
    Remote clients-----(Wan2)USG(Lan2)------Server(port 10000)
    Configure NAT rule and create the policy rule to allow wan to lan with port 10000 on USG.
    1. Add Nat rule and create the policy to allow wan to lan with port 80

    Note: If you insist to allocate port 22 to server, here is the way to configure it.
    Go to Configuration>System>SSH>Change server port to 10000(example)

    After that Go to object>Service>Modify port of SSH_TCP and SSH_UDP to 10000.


Security Highlight