Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 12      Using NAT Policies
  Working with Different Types of Conditions in NAT Rules
Adding Literal Conditions to NAT Rules
License: Any
You can add a literal value to the list of original and translated conditions for the following condition
types:
  • Networks
  • Ports
For network conditions, you type the literal value in a configuration field below the list of original or 
translated conditions.
In the case of port conditions, you select a protocol from a drop-down list. When the protocol is All and,
optionally, when the protocol is TCP or UDP, you type a port number in a configuration field.
Each relevant conditions page provides the controls needed to add literal values. Values you type in a 
configuration field appear as red text if the value is invalid, or until it is recognized as valid. Typed values 
change to blue text as you type when they are recognized as valid. A grayed Add button activates when
a valid value is recognized. Literal values you add appear immediately in the list of selected conditions.
See the following sections for specific details on adding each type of literal value:
  •
  •
  •
Using Objects in NAT Rule Conditions
License: Any
Objects that you create in the object manager (Objects > Object Management) are immediately available for
you to select from relevant lists of available NAT rule conditions. See  for information.
You can also create objects on-the-fly from the NAT policy. A control on relevant conditions pages 
provides access to the same configuration controls that you use in the object manager.
Individual objects created on-the-fly appear immediately in the list of available objects. You can add 
them to the current rule, and to other existing and future rules. On the relevant conditions page, and also 
on the policy Edit page, you can hover your pointer over an individual object to display the contents of 
the object, and over a group object to display the number of individual objects in the group.
Working with Different Types of Conditions in NAT Rules
License: Any
You can match traffic with one or more rule conditions. See the following sections for more information:
  •  explains how to match traffic by security zones that you create using the object manager.
  •  and  explain how to match traffic by IP address or address block.