Cisco Cisco Firepower Management Center 4000

If a network object or object group is being used by a NAT rule, and you change or delete the object or 
group, it can cause the rule to become invalid.

You can add any of the following kinds of source network conditions to a dynamic NAT rule:

individual and group network objects that you have created using the object manager

See 

 for information on creating individual and group 

network objects using the object manager.

individual network objects that you add from the Source Network conditions page, and can then add 
to your rule and to other existing and future rules

See 

 for more information.

literal, single IP addresses, ranges, or address blocks

See 

 for more information.

The following procedure explains how to add source network conditions while adding or editing a 
dynamic NAT rule. See 

 for 

more detailed information.

Admin/Network Admin

Select the 

 tab on the rule Edit page.

The Source Network page appears.

Optionally, click the 

 prompt above the 

 list, then type a name or 

value.

The list updates as you type to display matching conditions. See 

 for more information.

Click a condition in the 

 list. Use the Shift and Ctrl keys to select multiple conditions, 

or right-click and then click 

. 

Conditions you select are highlighted.

You have the following choices:

To match traffic by original source network, click 

.

To specify the translation value for traffic that matches the translated source network, click 

.

Alternatively, you can drag and drop selected conditions into the 

 or 

 lists.

Conditions you selected are added.

Optionally, click the add icon (

) above the 

 list to add an individual network object.

You can add multiple IP addresses, CIDR blocks, and prefix lengths to each network object.

Optionally, you can then select the object you added. See 

 and 

 for more information.

Optionally, click the 

 prompt below the 

 or 

 list; then type an IP address, range, or address block and click 

.