> You can host stuff on your network that is accessible outside of it without port forwarding

Why is this an advantage? As in, what's the downside to having to port forward?

Because port forwarding is done in addition to firewall rules. So it is extra work. And because a lot of devices can’t do UPnP. And because port forwarding at a “large” scale is not good. There are only so many ports.

> So it is extra work

It really isn't, it's the same declaration in your config, and then your automation makes your devices make it happen.

Depends on what you are using for your router and your firewall. Not everything runs on an Asus router from Best Buy.

My FortiGate clusters do both NATing and session-based firewalling. I configure them via a pull request into git which is approved by a second person and applies the config automatically.

I assume that Palo Alto have similar APIs.

My routers don't do anything at layer 4; the FortiGates advertise default routes via BGP into the core switches, which route everything.

Now of course you need to make sure that your traffic going out of one firewall comes back via the same firewall. That's trivial to handle though, and is required for session-based firewalling.

Please don't tell me that "IPv6 is better" because you are still logging into network devices and making changes like it's 1999?

You can set up p2p connections using a server only to do connection setup/firewall punching instead of relaying all traffic (e.g. for voice/video calling or hosting a game). You can also have more than 1 computer using the same port on a network.