Cisco Cisco Firepower Management Center 4000

12-29

FireSIGHT System User Guide

Chapter 12 Using NAT Policies

Working with Different Types of Conditions in NAT Rules

Caution

If a port object or object group is being used by a NAT rule, and you change or delete the object or group,
it can cause the rule to become invalid.

You can add any of the following kinds of port conditions to a NAT rule:

•

individual and group port objects that you have created using the object manager

See

Working with Port Objects, page 5-11

for information on creating individual and group port

objects using the object manager.

•

individual port objects that you add from the Destination Ports conditions page, and can then add to
your rule and to other existing and future rules

See

Using Objects in NAT Rule Conditions, page 12-23

for more information.

•

literal port values, consisting of a TCP, UDP, or All (TCP and UDP) transport protocol and a port

See

Adding Literal Conditions to NAT Rules, page 12-23

for more information.

The following procedure explains how to add port conditions while adding or editing a NAT rule. See

Understanding NAT Rule Conditions and Condition Mechanics, page 12-19

for more detailed

information.

To add destination port conditions to a NAT rule:

Access:

Admin/Network Admin

Step 1

Select the

Destination Port

tab on the rule Edit page.

The Destination Port page appears.

Step 2

Optionally, click the

Search by name or value

prompt above the

Available Ports

list, then type a name or

value.

The list updates as you type to display matching conditions. See

Searching NAT Rule Condition Lists,

page 12-22

for more information.

Step 3

Click a condition in the

Available Ports

list. Use the Shift and Ctrl keys to select multiple conditions, or

right-click to select all conditions. Note that you can add a maximum of 50 conditions.

Conditions you select are highlighted.

Step 4

You have the following choices:

•

Click

Add to Original

to add the selected port to the Original Ports list.

•

Click

Add to Translated

to add the selected port to the Translated Ports list.

•

Drag and drop available ports into a list.

Step 5

Optionally, to create and add an individual port object click the add icon (

) above the

Available Ports

list.

You can identify a single port or a port range in each port object that you add. You can then select objects
you added as conditions for your rule. See

Using Objects in NAT Rule Conditions, page 12-23

for more

information.

For static rules, you can use only port objects with single ports.

Step 6

Optionally, to add a literal port select an entry from the

Protocol

drop-down list beneath the

Original Port

Translated Port

lists.

Enter a port, then click

Add

. You can specify a port number from 0 through 65535. For dynamic rules,

you can specify a single port or a range.