Cisco Cisco Firepower Management Center 4000 Manual

Page of 1844
 
12-7
FireSIGHT System User Guide
 
Chapter 12      Using NAT Policies
  Managing NAT Policies
If you create a rule that causes the NAT policy to fail upon apply, an error icon (
) appears next to the 
rule. An error occurs if there is a conflict in the static rules, or if you edit a network object used in the 
policy that now makes the policy invalid. For example, an error occurs if you change a network object 
to use only IPv6 addresses and the rule that uses that object no longer has any valid networks where at 
least one network is required. Error icons appear automatically; you do not have to click 
Show Warnings
.
Managing NAT Policies
License: 
Control
Supported Devices: 
Series 3
On the NAT policy page (
Devices > NAT
), you can view all your current NAT policies by name with 
optional description and the following status information:
  •
when a policy is up to date on targeted devices, in green text
  •
when a policy is out of date on targeted devices, in red text
Options on this page allow you to compare policies, create a new policy, apply a policy to targeted 
devices, copy a policy, view a report that lists all of the most recently saved settings in each policy, and 
edit a policy.
Note
After you have applied a NAT policy to a managed device, you cannot delete the policy, even if it is out 
of date. Instead, you must apply a NAT policy with no rules to remove the applied NAT rules from the 
managed device.
The following table describes the actions you can take to manage your policies on the NAT policy page.
Table 12-4
Preempted Rule Warning Actions 
To...
You can...
show warnings
click 
Show Warnings
. The page updates with an warning icon (
) next to 
each preempted rule.
display the warning for a 
rule
hover your pointer over the warning icon (
) next to a rule. A message 
indicates which rule preempts the rule.
clear warnings
click 
Hide Warnings
. The page refreshes and the warnings disappear. 
Tip
Any action that refreshes the page, such as adding or editing a 
rule, or clicking the reload icon (
), also clears warnings.
Table 12-5
NAT Policy Management Actions 
To...
You can...
create a new NAT policy
click 
New Policy
. See 
 for more 
information.
modify the settings in an existing NAT policy
click the edit icon (
). See 
 for more 
information.
apply a NAT policy to all devices targeted for 
the policy
click the policy apply icon (
). See 
more information.
downloadlike
ArtboardArtboardArtboard
Report Bug