Cisco Firepower Management Center 4000
12-16
FireSIGHT System User Guide
Chapter 12 Using NAT Policies
Creating and Editing NAT Rules
The web interface for adding or editing a rule is similar. You specify the rule name, state, type, and
position (if dynamic) at the top of the page. You build conditions using the tabs on the left side of the
page; each condition type has its own tab.
The following list summarizes the configurable components of a NAT rule.
Name
Give each rule a unique name. You can use up to thirty printable characters, including spaces and
special characters, with the exception of the colon (:).
Rule State
By default, rules are enabled. If you disable a rule, the system does not use it to evaluate network
traffic for translation. When viewing the list of rules in a NAT policy, disabled rules are grayed out,
although you can still modify them.
Type
A rule’s type determines how the system handles traffic that matches the rule’s conditions. When
you create and edit NAT rules, the configurable components vary according to rule type.
For detailed information on rule types and how they affect translation and traffic flow, see
.
Position (Dynamic Rules Only)
Dynamic rules in a NAT policy are numbered, starting at 1. The system matches traffic to NAT rules
in top-down order by ascending rule number.
When you add a rule to a policy, you specify its position by placing it above or below a specific rule,
using rule numbers as a reference point. When editing an existing rule, you can Move the rule in a
similar fashion. For more information, see
Conditions
Rule conditions identify the specific traffic you want to translate. Conditions can match traffic by
any combination of multiple attributes, including security zone, network, and transport protocol
port.
For detailed information on adding conditions, see
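The Rule State, Position and Conditions descriptions above amount to a first-match evaluation: dynamic rules are numbered from 1, traffic is tested top-down, disabled rules are skipped, and conditions narrow on zone, network and port. The following added example (not Cisco's code) models that behaviour so an administrator can check which rule a flow would hit before and after a Move; the rule model, the meaning of an unset condition (matches anything), and the sample policy are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def valid_rule_name(name: str) -> bool:
    """Name constraint from the guide: 1-30 printable characters, no colon."""
    return 0 < len(name) <= 30 and name.isprintable() and ":" not in name

@dataclass
class NatRule:
    """Hypothetical model of one dynamic NAT rule (constructed for this example)."""
    name: str
    enabled: bool = True
    # Conditions; None means the rule places no condition on that attribute (assumption).
    zone: Optional[str] = None      # security zone name
    network: Optional[str] = None   # CIDR such as "10.0.0.0/8"
    port: Optional[int] = None      # transport protocol port

    def matches(self, zone: str, ip: str, port: int) -> bool:
        if self.zone is not None and self.zone != zone:
            return False
        if self.network is not None and (
                ipaddress.ip_address(ip) not in ipaddress.ip_network(self.network)):
            return False
        return self.port is None or self.port == port

def first_match(rules, zone, ip, port):
    """Evaluate rules top-down by ascending rule number (numbered from 1).
    Disabled rules are skipped. Returns (rule_number, rule_name) or None."""
    for number, rule in enumerate(rules, start=1):
        if rule.enabled and rule.matches(zone, ip, port):
            return number, rule.name
    return None

def move_rule(rules, name, target, above=True):
    """Reposition `name` above (or below) the rule named `target`, as the Move
    control does; returns a new list so the original policy is left untouched."""
    moving = next(r for r in rules if r.name == name)
    rest = [r for r in rules if r.name != name]
    idx = next(i for i, r in enumerate(rest) if r.name == target)
    rest.insert(idx if above else idx + 1, moving)
    return rest

if __name__ == "__main__":
    # Constructed sample policy: the broad rule sits above the specific one.
    policy = [
        NatRule("Whole internal net", zone="inside", network="10.0.0.0/8"),
        NatRule("Web server only", zone="inside", network="10.1.2.3/32", port=443),
    ]
    print(first_match(policy, "inside", "10.1.2.3", 443))   # (1, 'Whole internal net')
    policy = move_rule(policy, "Web server only", "Whole internal net", above=True)
    print(first_match(policy, "inside", "10.1.2.3", 443))   # (1, 'Web server only')
```

The specific rule is never reached until it is moved above the broad one, which is why rule position matters as much as the conditions themselves.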
To create or edit a NAT rule:
Access: Admin/Network Admin
Step 1 Select Devices > NAT.
The NAT page appears.
Step 2 Click the edit icon next to the NAT policy where you want to add a rule.
The NAT policy Edit page appears.
Step 3 Add a new rule or edit an existing rule:
• To add a new rule, click Add Rule.
• To edit an existing rule, click the edit icon next to the rule you want to edit.
Either the Add Rule or the Editing Rule page appears.