Cisco Cisco Firepower Management Center 4000

12-20

FireSIGHT System User Guide

Chapter 12 Using NAT Policies

Understanding NAT Rule Conditions and Condition Mechanics

Adding Conditions to NAT Rules

License:

Any

Adding conditions to NAT rules is essentially the same for each type of condition. You select from a list
of available conditions on the left, and add the selected conditions to one or two lists of selected
conditions on the right.

For all condition types, you select one or more individual available conditions by clicking on them to
highlight them. You can either click a button between the two types of lists to add available conditions
that you select to your lists of selected conditions, or drag and drop available conditions that you select
into the list of selected conditions.

You can add up to 50 conditions of each type to a list of selected conditions. For example, you can add
up to 50 source zone conditions, up to 50 destination zone conditions, up to 50 source network
conditions, and so on, until you reach the upper limit for the appliance.

The following table describes the actions you can take to select and add conditions to a rule.

Table 12-9

NAT Rule Condition Types

Condition

Description

Supported Defense
Centers

Supported
Devices

Zones

A configuration of one or more routed interfaces where you can
apply NAT policies. Zones provide a mechanism for classifying
traffic on source and destination interfaces, and you can add
source and destination zone conditions to rules. See

Working

with Security Zones, page 5-37

for information on creating

zones using the object manager.

Any

Series 3

Networks

Any combination of individual IP addresses, CIDR blocks, and
prefix lengths, either specified explicitly or using network
objects and groups (see

Working with Network Objects,

page 5-3

). You can add source and destination network

conditions to NAT rules.