Hi @Suren_Konathala,
If you are forwarding an external IP to an internal IP (i.e. the external IP is not a local network interface), you still need to have appropriate firewall restrictions for the external IP.
From the mongod 's point of view, any forwarded requests will appear to be via the internal IP. The bindIp configuration only specifies the local IP addresses the process is listening to; it is not a firewall.
Binding to 0.0.0.0 (aka bindIpAll) configures your process to listen to all local network interfaces, which would be equivalent to binding to localhost and the private IP (if the external IP is not a local interface). Binding to specific network interfaces (rather than all) is a better approach to avoid accidentally having an instance listening to a public network interface added after initial configuration
The ingress configuration on your firewall can be used to limit remote connections to trusted network ranges. You should also enable TLS/SSL (and other measures in the Security Checklist) to secure your deployment.
Regards,
Stennie