ruiesteves
newbie
Topic Author
Posts: 31
Joined: Wed Jan 11, 2017 9:30 pm

Opening port 9090

Sun Feb 24, 2019 4:43 pm

We have a piece of equipment within our network that needs to communicate with port 9090.
I followed all the forum topics related to this port but it still does not work.
When I do a port check (website ping.eu), it says that port 9090 is closed. What might I be missing on the setup?
Attached I have the configuration dump.

Thank you.
 
anav
Forum Guru
Posts: 22288
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Opening port 9090

Sun Feb 24, 2019 5:57 pm

To be clear, equipment going out on port 9090 needs no special rules.
However, you may have meant unsolicited incoming WAN traffic destined for that equipment over port 9090, which makes more sense.

So let's take a look at the two requirements: the NAT rules and the associated FW rule (and, if really good, a source address list which limits allowed incoming WAN IPs).
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=9090 protocol=\
tcp src-address=192.168.11.253 to-ports=9090
add action=dst-nat chain=dstnat dst-address=192.168.11.253 dst-port=9090 \
protocol=tcp src-address=0.0.0.0/0 to-ports=9090
add action=dst-nat chain=dstnat dst-port=9090 protocol=tcp src-address-list=\
"" to-ports=9090

You only need one rule; the rest don't make sense... at least to me.
add action=dst-nat chain=dstnat in-interface-list=WAN dst-port=9090 \
protocol=tcp to-addresses=<IP address of electrical device>

I also find your firewall filter rules way too complicated.

Besides the default rules, at the end of both the input and forward chains add a drop-all-else rule.
Between the default rules and the drop rules ADD only the traffic you wish to ALLOW!!
Use source address lists where appropriate.
Create and use interface list members where appropriate.

The one firewall rule you will need to allow destination NAT packets to flow across the firewall is one in the forward chain.
add action=accept chain=forward in-interface-list=wan \
connection-nat-state=dstnat
(or in-interface=wan for only one ISP)
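
An added example, not part of the original post and not MikroTik tooling: a small Python check over exported rules that reports, for each dst-nat rule on a port, whether it names a to-addresses target, matches on an in-interface or in-interface-list, and uses a source address list, and whether the forward chain accepts connection-nat-state=dstnat. The export text is constructed from the rules quoted above; 192.168.88.50 is an assumed device address and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample: NAT rules 1-3 as quoted in the post; 192.168.88.50 is a made-up device IP.
SAMPLE_EXPORT = r"""
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=9090 protocol=\
    tcp src-address=192.168.11.253 to-ports=9090
add action=dst-nat chain=dstnat dst-address=192.168.11.253 dst-port=9090 \
    protocol=tcp src-address=0.0.0.0/0 to-ports=9090
add action=dst-nat chain=dstnat dst-port=9090 protocol=tcp src-address-list=\
    "" to-ports=9090
add action=dst-nat chain=dstnat in-interface-list=WAN dst-port=9090 \
    protocol=tcp to-addresses=192.168.88.50
/ip firewall filter
add action=accept chain=forward in-interface-list=WAN connection-nat-state=dstnat
"""

def parse_export(text):
    """Return {section: [rule dict, ...]} from RouterOS export text."""
    text = re.sub(r"\\\n[ \t]*", "", text)  # undo '\' line continuations
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            pairs = [t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t]
            current.append(dict(pairs))
    return sections

def lint_port_forward(text, port):
    """Return [(nat rule number, finding)]; number 0 means the filter table."""
    sections, findings = parse_export(text), []
    for n, rule in enumerate(sections.get("/ip firewall nat", []), start=1):
        if rule.get("action") == "dst-nat" and rule.get("dst-port") == str(port):
            if not rule.get("to-addresses"):
                findings.append((n, "no to-addresses: names no internal host"))
            if not (rule.get("in-interface") or rule.get("in-interface-list")):
                findings.append((n, "no in-interface or in-interface-list match"))
            if not rule.get("src-address-list"):
                findings.append((n, "no (or empty) src-address-list"))
    if not any(r.get("chain") == "forward" and r.get("action") == "accept"
               and r.get("connection-nat-state") == "dstnat"
               for r in sections.get("/ip firewall filter", [])):
        findings.append((0, "no forward accept for connection-nat-state=dstnat"))
    return findings

if __name__ == "__main__":
    print(*(f"rule {n}: {msg}" for n, msg in lint_port_forward(SAMPLE_EXPORT, 9090)), sep="\n")
```

On the sample, rules 1 to 3 each get all three findings, while rule 4 is reported only for the missing source address list, the optional restriction the post recommends.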
 
anav
Forum Guru
Posts: 22288
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Opening port 9090

Sun Feb 24, 2019 5:58 pm

A diagram would be helpful as well in terms of ISP to ROUTER to electrical device and IP and vlan nomenclature the connected parts would use.
 
ruiesteves
newbie
Topic Author
Posts: 31
Joined: Wed Jan 11, 2017 9:30 pm

Re: Opening port 9090

Sun Feb 24, 2019 7:34 pm

Hi Anav
Thank you for your reply.
This is the diagram for the current setup. Shortly I will discontinue 2 WAN links, so I am concentrating on the WAN_F100.
The machine for which I need to open the door is behind the second router (in a second building). That router has NAT, so on the first router I only see the router.
But the problem is that I am not even able to reach the port 9090 on main router from the Internet.
I agree that I have too many configurations but I have been trying to open that door and I have not yet cleaned up the code.
I tried the setup that you proposed, but it still returns as closed port.
 
anav
Forum Guru
Posts: 22288
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Opening port 9090  [SOLVED]

Sun Feb 24, 2019 8:08 pm

Hi there steve.
The port, if forwarded, should show up as closed; that is normal.
If you refine and limit access to your server via the NAT rule by using a source address list, there is the added benefit that the port is invisible to scanning.
With the two rules I noted, my forwarded ports, without an address list, show as closed. This is normal.
Have you tried to access the device from an external WAN IP as a test yet?

So the RB feeds two managed switches?
Reason I ask is that you have two feeds (two eth ports to the same switch and that could cause issues).
How are you segregating them apart?
 
ruiesteves
newbie
Topic Author
Posts: 31
Joined: Wed Jan 11, 2017 9:30 pm

Re: Opening port 9090

Sun Feb 24, 2019 8:51 pm

Thank you for your clear answer. I will ask my customer to test the port with the application instead of using this online test.
When you mention that I use two Ethernet ports for the same switch, is it because I only represented 1 switch on the second router? In fact there are more switches, but I tried to make it easier for this conversation. Also, as the second router is using NAT, I believe that I will not need to identify the several ranges on the first router.

Thank you very much for your help