Cisco Cisco Firepower Management Center 4000

Page of 1844
 
12-5
FireSIGHT System User Guide
 
Chapter 12      Using NAT Policies
  Organizing Rules in a NAT Policy
Step 4
Optionally, click the 
Search
 prompt above the 
Available Devices
 list, then type a name.
The list updates as you type to display matching devices. You can click the clear icon (
) to clear the 
list.
Step 5
Click the device, stack, cluster, or device group you want to add. Use Ctrl and Shift to select multiple 
devices.
Tip
You can also right-click an available device, then click 
Select All
.
Step 6
Click 
Add to Policy
.
Selected devices are added.
Tip
You can also drag and drop to add devices.
Step 7
Optionally, click the delete icon (
) to delete a device from the list of selected devices; or, use the Ctrl 
and Shift keys to select multiple devices, right-click, then select 
Delete Selected
.
Step 8
Click 
Save
 to save your configuration, or click 
Cancel
 to discard it.
Organizing Rules in a NAT Policy
License: 
Any
The Edit page for the NAT policy lists static NAT rules and dynamic NAT rules separately. The system 
sorts static rules alphabetically by name, and you cannot change the display order. You cannot create 
static rules with identical matching values. The system inspects static translations for a match before it 
inspects any dynamic translations.
Dynamic rules are processed in numerical order. The numeric position of each dynamic rule appears on 
the left side of the page next to the rule. You can move or insert dynamic rules and otherwise change the 
rule order. For example, if you move dynamic rule 10 under dynamic rule 3, rule 10 becomes rule 4 and 
all subsequent numbers increment accordingly.
A dynamic rule’s position is important because the system compares packets to dynamic rules in the 
rules' numeric order on the policy Edit page. When a packet meets all the conditions of a dynamic rule, 
the system applies the conditions of that rule to the packet and ignores all subsequent rules for that 
packet.
Optionally, you can specify a dynamic rule’s numeric position when you add or edit a dynamic rule. You 
can also highlight a dynamic rule before adding a new dynamic rule to insert the new rule below the rule 
you highlighted. See 
.
You can select one or more dynamic rules by clicking a blank space in the row for the rule. You can drag 
and drop selected dynamic rules into a new location, thereby changing the position of the rules you 
moved and all subsequent rules. 
You can cut or copy selected rules and paste them above or below an existing rule. You can only paste 
static rules in the Static Translations list and only dynamic rules in the Dynamic Translations list. You 
can also delete selected rules and insert new rules into any location in the list of existing rules.