Control Network Newsletter
Advantages of VPN over Port Forwarding
Port Forwarding is a common technique used to access devices behind a firewall. With Port Forwarding, a firewall rule is set up where an IP port number on the WAN-side is assigned to forward traffic to a specified device and a specified destination IP port number. For example, to access the webpage of a LAN device, a rule allowing access to destination port 80 is required. To allow access to SSH or Telnet, access to ports 22 and 23 are required, respectively. A random IP port number is chosen for the WAN port.
Port Forwarding requires knowledge about the application to setup the rule with the correct IP port number as well as the protocol (UDP or TCP). A separate Port Forwarding rule is required to access each service on each device which can quickly become cumbersome with multiple services and devices.
In contrast, a VPN provides access to the device by creating a connection to the IP router or firewall that can be used to access all devices behind the firewall. No individual rules need to be setup and knowledge about the application protocol is also not required. A VPN also provides the added benefit of security with data encryption. This is certainly useful if remotely accessing devices over the Internet. Some protocols, such as Telnet, send the login information over plain-text.
With Port Forwarding over Internet, anyone with the knowledge of the Public IP of the firewall can access a device. VPNs require the use of keys and certificates for the VPN client devices to initiate connections, thereby only allowing access from authorized users provided with them. This is not to say that Port Forwarding should never be used. It is an acceptable practice for internal networks or machine cells that need to be accessed from an OT infrastructure. For access to remote job sites from the convenience of the home or office, VPNs should be used instead of Port Forwarding.
Contemporary Controls provides a wide range of IP routers supporting these features to satisfy any use case. To learn more, visit the IP routers product page.