Port forwarding, also known as port mapping or DNAT (destination network address translation), is a simple way to allow remote connection to a local-only network device. This is done by forwarding traffic from the internet to a specific internal network-connected device. The “translation” part of DNAT implies a change in the destination IP address for the data. In relation to ControlByWeb® devices, port forwarding allows users to securely access modules from the internet.
Port forwarding for your industrial IoT devices brings benefits such as real-time remote device monitoring and control, minimized equipment downtime, and simplified maintenance and troubleshooting. The ability to monitor sensitive applications in real time is crucial in many industrial applications—ask any obstruction lighting monitor. However, it also introduces potential security risks that must be managed effectively.
📶 Related: 7 Ways Cellular Networking Improves IoT Security.
Another route to remote connectivity are SIM-enabled controllers, which comes with their own set of benefits and security concerns. Learn more in this related article.
Best Practices for Secure Port Forwarding
As with any internet-accessible device, port forwarding does come with potential security risks. Here are common-sense ways you can maintain the integrity of your system:
- Implement strong authentication: Ensure that both your router and ControlByWeb devices are protected using strong, unique usernames and passwords.
- Whitelist IP addresses: Configure your router to only allow access from trusted IP addresses. This adds an extra layer of security by restricting who can connect to your devices.
- Series 4 modules offer a simple IP firewall to further limit access to selected IP addresses. Learn more in the 400 Series user manual.
- Regularly update device firmware: Keep the firmware of your router up to date to protect against vulnerabilities and security threats.
- ControlByWeb devices are secure by design, with available HTTPS encrypted communication and no built-in OS or file system.
- Use a VPN: For enhanced security, consider using a Virtual Private Network (VPN) to access your ControlByWeb devices remotely instead of relying solely on port forwarding.
- Monitor access logs and system activity: Regularly review system history to detect and respond to any suspicious behavior.
- Refer to regulatory: When in doubt, adhere to industry standards for network security to protect against cyber threats. This includes guidelines from organizations like the National Institute of Standards and Technology (NIST).1
- Know your port: Dynamic port forwarding allows for the automatic allocation of ports for enhanced flexibility—useful in environments where devices frequently connect and disconnect. In contrast, static port forwarding involves manually setting up forwarding rules. This gives greater control and predictability. By knowing which ports are open and to which devices they are mapped, admins can better manage network traffic and security.
- Avoid extra port access: An easy mistake is to allow too much access. This could be additional ports not required for external access or remote access to unintended devices.
🔐 An open door to bad actors?
Importantly, “opening” a port doesn’t necessarily make it open to the whole world. Traffic is only forwarded to a specified machine. If the machine is turned off, the port is unavailable, or a firewall is active, no intruder can access the machine.
Case Study: Agricultural Monitoring
A large agricultural company implemented port forwarding to remotely monitor and control irrigation systems using ControlByWeb devices. The ability to access these systems from anywhere resulted in significant water savings and improved crop yields. The company benefited from reduced travel costs and quicker response times to system alerts. It also reduced their calls to our support staff.
5 Steps to Set Up Port Forwarding
To set up port forwarding for your ControlByWeb devices, follow these steps:
- Access your router’s configuration interface (typically at 192.168.1.1 or 192.168.0.1).
- Navigate to the port forwarding settings (often found under “Advanced” or “NAT”).
- Create a new rule specifying your ControlByWeb device’s internal IP address.
- Configure the appropriate ports (80 for HTTP or 443 for HTTPS).
- Select TCP as the protocol for web-based access.
For more details, refer to ControlByWeb’s networking and security guides.
Could Port Forwarding Impact Your Business?
Port forwarding is a powerful way to enhance connectivity and control of industrial IoT devices. Robust security measures can go a long way in mitigating the risks of managing an internet-connected system. By following best practices, businesses can leverage port forwarding to achieve significant efficiency increases and real-time device and data access.
For help with your industrial application, contact our team or schedule a 15-minute product demo.
Determine the best products for your application with our Sales Engineers.
Subscribe to Our Newsletter
Subscribe to Our Newsletter
Sign up for our newsletter to receive information regarding new products and exclusive offers.
Follow Us on Social
References
1. National Institute of Standards and Technology. (n.d.). NIST. U.S. Department of Commerce. Retrieved February 5, 2025, from https://www.nist.gov/
