Forwarding Service Object (Egress / East-West)

Forwarding service objects are used in the forwarding rules. The traffic that matches this type of rule/service is not proxied, and is forwarded as-is. This means there is no deep packet inspection and no Application ID on encrypted traffic.

Note	We strongly recommend using this for East-West traffic.

Use the following procedure to create and add a forwarding service object:

Procedure

Step 1

Navigate to Manage > Security Policies > Services.

Step 2

Click Create.

Step 3

Click Forwarding.

Step 4

Provide a name and description.

Step 5

Multicloud Defense supports source NAT on a per service level. For traffic that requires source IP preservation(e.g. East-West traffic), disable SNAT.

For Egress traffic, SNAT must always be enabled.

Step 6

Configure port parameters as defined below.


Option	description
Dst Port	Assign a destination port or a range of destination ports as `start-end`.
Protocol	TCP, UDP, ICMP

Note	In a forwarding policy, deep packet inspection operations only occur on non-encrypted traffic.