Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 12 Using NAT Policies, Managing NAT Policies
If you create a rule that causes the NAT policy to fail upon apply, an error icon appears next to the rule. An error occurs if there is a conflict in the static rules, or if you edit a network object used in the policy that now makes the policy invalid. For example, an error occurs if you change a network object to use only IPv6 addresses and the rule that uses that object no longer has any valid networks where at least one network is required. Error icons appear automatically; you do not have to click Show Warnings.

Managing NAT Policies
License: Control
Supported Devices: Series 3

On the NAT policy page (Devices > NAT), you can view all your current NAT policies by name with optional description and the following status information:
  • when a policy is up to date on targeted devices, in green text
  • when a policy is out of date on targeted devices, in red text

Options on this page allow you to compare policies, create a new policy, apply a policy to targeted 
devices, copy a policy, view a report that lists all of the most recently saved settings in each policy, and 
edit a policy.

Note: After you have applied a NAT policy to a managed device, you cannot delete the policy, even if it is out of date. Instead, you must apply a NAT policy with no rules to remove the applied NAT rules from the managed device.

The following table describes the actions you can take to manage your policies on the NAT policy page.

Table 12-4 Preempted Rule Warning Actions

| To... | You can... |
|---|---|
| show warnings | click Show Warnings. The page updates with a warning icon next to each preempted rule. |
| display the warning for a rule | hover your pointer over the warning icon next to a rule. A message indicates which rule preempts the rule. |
| clear warnings | click Hide Warnings. The page refreshes and the warnings disappear. Tip: Any action that refreshes the page, such as adding or editing a rule, or clicking the reload icon, also clears warnings. |

Table 12-5 NAT Policy Management Actions

| To... | You can... |
|---|---|
| create a new NAT policy | click New Policy. See  for more information. |
| modify the settings in an existing NAT policy | click the edit icon. See  for more information. |
| apply a NAT policy to all devices targeted for the policy | click the policy apply icon. See more information. |