Triggered ports are somehow more secure than traditional static port-forwarding but they are limited to certain applications amd the traffic needs to be initiated from the LAN towards Internet first. When a certain traffic patter is identified a preconfigured port-mapping inbound occurs.
The image below represents the default Triggered Port Forwarding page. It's disabled but if it wasn't it would listen to any communication from LAN towards Internet looking specifically for packets destined within port range 3000-4000. If the matching criteria is satisfied Tomato will automatically enable port forwarding inbound on port range 5000-6000 towards the LAN IP that originated the request.
After how long are they removed?
Trigger Ports: the monitoring ports outbound
Forwarded Ports: The port/s to be mapped when triggered
Description: free text