Cisco Cisco Firepower Management Center 4000
12-3
FireSIGHT System User Guide
Chapter 12 Using NAT Policies
Configuring NAT Policies
Caution
In clustered configurations, only select an individual peer interface for a static NAT rule on a clustered
device if all networks affected by the NAT translations are private. Do not use this configuration for
static NAT rules affecting traffic between public and private networks.
device if all networks affected by the NAT translations are private. Do not use this configuration for
static NAT rules affecting traffic between public and private networks.
If you configure dynamic NAT on a device cluster without HA link interfaces established, both clustered
devices independently allocate dynamic NAT entries, and the system cannot synchronize the entries
between devices. See
devices independently allocate dynamic NAT entries, and the system cannot synchronize the entries
between devices. See
for more information.
You can apply NAT policies to a device stack as you would a standalone device. If you establish a device
stack from devices that were included in a NAT policy and had rules associated with interfaces from the
secondary device that was a member of the stack, the interfaces from the secondary device remain in the
NAT policy. You can save and apply policies with the interfaces, but the rules do not provide any
translation. See
stack from devices that were included in a NAT policy and had rules associated with interfaces from the
secondary device that was a member of the stack, the interfaces from the secondary device remain in the
NAT policy. You can save and apply policies with the interfaces, but the rules do not provide any
translation. See
for more information.
The following table summarizes the configuration actions you can take on the NAT policy Edit page.
Managing NAT Policy Targets
License:
Control
Supported Devices:
Series 3
Table 12-1
NAT Policy Configuration Actions
To...
You can...
modify the policy name or
description
description
click the
Name
or
Description
field, delete any characters as needed, then type the new
name or description.
manage policy targets
find more information at
save your policy changes
click
Save
.
save and apply your policy
click
Save and Apply
. See
for more information.
cancel your policy changes
click
Cancel
, then, if you have made changes, click
OK
.
add a rule to a policy
click
Add Rule
. See
for more information.
Tip
You can also right-click an existing rule and select
Insert new rule
.
edit an existing rule
click the edit icon (
) next to the rule. See
for more information.
Tip
You can also right-click the rule and select
Edit
.
delete a rule
click the delete icon (
) next to the rule, then click
OK
.
Tip
To delete one or more selected rules, you can right-click a blank area in the
row for a selected rule, select
row for a selected rule, select
Delete
, then click
OK
.
enable or disable an existing rule
right-click a selected rule, select
State
, then select
Disable
or
Enable
. Disabled rules are
grayed and marked
(disabled)
beneath the rule name.
display the configuration page for a
specific rule attribute
specific rule attribute
click the name, value, or icon in the column for the condition on the row for the rule.
For example, click the name or value in the
For example, click the name or value in the
Source Networks
column to display the
Source Network page for the selected rule. See
for more information.