FireSIGHT System User Guide
 
Chapter 12 Using NAT Policies
Understanding NAT Rule Conditions and Condition Mechanics
License: Any
You can add conditions to NAT rules to identify the type of traffic that matches the rule. For each condition type, you select conditions you want to add to a rule from a list of available conditions. When applicable, condition filters allow you to constrain available conditions. Lists of available and selected conditions may be as short as a single condition or many pages long. You can search available conditions and display only those matching a typed name or value in a list that updates as you type.
Depending on the type of condition, lists of available conditions may be comprised of a combination of conditions provided directly by Cisco or configured using other FireSIGHT System features, including objects created using the object manager (Objects > Object Management), objects created directly from individual conditions pages, and literal conditions.
See the following sections for information on specifying rule conditions:
  • Understanding NAT Rule Conditions defines the different types of rule conditions.
  •  describes the controls used to select and add rule conditions.
  •  explains how to search available conditions and display only those matching a typed name or value in a list that updates as you type.
  •  explains how to add literal conditions to a rule.
  •  explains how to add individual objects to the system from the configuration pages for relevant condition types.
Understanding NAT Rule Conditions
License: Any
You can set a NAT rule to match traffic meeting any of the conditions described in the following table:
Table 12-8 Available NAT Rule Condition Types per NAT Rule Type

| Condition | Static | Dynamic (IP Only or IP + Port) |
|---|---|---|
| Source Zones | Optional | Optional |
| Destination Zones | Not allowed | Optional |
| Original Source Networks | Not allowed | Optional |
| Translated Source Networks | Not allowed | Required |
| Original Destination Networks | Required | Optional |
| Translated Destination Networks | Optional; single address only | Not allowed |
| Original Destination Ports | Optional; single port only, and only allowed if you define the original destination network | Optional |
| Translated Destination Ports | Optional; single port only, and only allowed if you define the original destination port | Not allowed |
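The matrix in Table 12-8 is easy to get wrong when NAT rules are built by hand or by automation, and a rule that violates it is rejected only when the policy is saved. The following validator encodes the table's required / optional / not-allowed cells together with the static-rule footnotes (single address or port only; destination ports only when the original destination network or port is also defined) so a rule definition can be checked before it is pushed. This is an added example, not FireSIGHT or Cisco code: the rule-type names, condition keys, the `validate_nat_rule` function and the sample rules are assumptions constructed for this illustration.

```python
from typing import Dict, List

# Constraint matrix reconstructed from Table 12-8 (constructed for this
# example; the key names are this example's own, not FireSIGHT identifiers).
# Cell values: "optional", "required", or "not_allowed".
CONDITION_RULES: Dict[str, Dict[str, str]] = {
    "static": {
        "source_zones": "optional",
        "destination_zones": "not_allowed",
        "original_source_networks": "not_allowed",
        "translated_source_networks": "not_allowed",
        "original_destination_networks": "required",
        "translated_destination_networks": "optional",
        "original_destination_ports": "optional",
        "translated_destination_ports": "optional",
    },
    "dynamic": {  # covers both "IP Only" and "IP + Port" dynamic rules
        "source_zones": "optional",
        "destination_zones": "optional",
        "original_source_networks": "optional",
        "translated_source_networks": "required",
        "original_destination_networks": "optional",
        "translated_destination_networks": "not_allowed",
        "original_destination_ports": "optional",
        "translated_destination_ports": "not_allowed",
    },
}

# Static-rule footnotes from the table: these cells accept one value only ...
SINGLE_VALUE_STATIC = (
    "translated_destination_networks",
    "original_destination_ports",
    "translated_destination_ports",
)
# ... and a port condition is only allowed when its prerequisite is defined.
STATIC_DEPENDENCIES = {
    "original_destination_ports": "original_destination_networks",
    "translated_destination_ports": "original_destination_ports",
}


def validate_nat_rule(rule_type: str, conditions: Dict[str, List[str]]) -> List[str]:
    """Return a list of problems; an empty list means the rule agrees with Table 12-8."""
    if rule_type not in CONDITION_RULES:
        return [f"unknown rule type {rule_type!r}"]
    matrix = CONDITION_RULES[rule_type]
    problems: List[str] = []

    # Required / not-allowed cells of the matrix.
    for name, status in matrix.items():
        values = conditions.get(name, [])
        if status == "required" and not values:
            problems.append(f"{name}: required for {rule_type} rules")
        elif status == "not_allowed" and values:
            problems.append(f"{name}: not allowed in {rule_type} rules")

    # Reject condition types the table does not know about.
    for name in conditions:
        if name not in matrix:
            problems.append(f"{name}: unknown condition type")

    # Static-only footnotes: single values and port prerequisites.
    if rule_type == "static":
        for name in SINGLE_VALUE_STATIC:
            if len(conditions.get(name, [])) > 1:
                problems.append(f"{name}: static rules accept a single value only")
        for name, prereq in STATIC_DEPENDENCIES.items():
            if conditions.get(name) and not conditions.get(prereq):
                problems.append(f"{name}: only allowed if {prereq} is defined")
    return problems


# Constructed sample rules (addresses from documentation ranges, not real hosts).
GOOD_STATIC_RULE = {
    "source_zones": ["outside"],
    "original_destination_networks": ["203.0.113.10"],
    "translated_destination_networks": ["10.0.0.5"],
    "original_destination_ports": ["443"],
    "translated_destination_ports": ["8443"],
}
# Missing the required original destination network, so the port is also orphaned.
BAD_STATIC_RULE = {"original_destination_ports": ["443"]}
# Dynamic rule that forgets the required translated source network and adds a
# translated destination port, which dynamic rules never allow.
BAD_DYNAMIC_RULE = {
    "original_source_networks": ["10.0.0.0/24"],
    "translated_destination_ports": ["8080"],
}

if __name__ == "__main__":
    for label, rtype, rule in [
        ("good static", "static", GOOD_STATIC_RULE),
        ("bad static", "static", BAD_STATIC_RULE),
        ("bad dynamic", "dynamic", BAD_DYNAMIC_RULE),
    ]:
        print(label, "->", validate_nat_rule(rtype, rule) or "OK")
```

Running the script prints OK for the first rule and two findings for each of the other two; the dependency check reports the orphaned port as a separate finding from the missing network so that fixing one does not hide the other.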