Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 12 Using NAT Policies
Step 4
Optionally, click the Search prompt above the Available Devices list, then type a name.
The list updates as you type to display matching devices. You can click the clear icon to clear the list.
Step 5
Click the device, stack, cluster, or device group you want to add. Use Ctrl and Shift to select multiple devices.
Tip
You can also right-click an available device, then click Select All.
Step 6
Click Add to Policy.
Selected devices are added.
Tip
You can also drag and drop to add devices.
Step 7
Optionally, click the delete icon to delete a device from the list of selected devices; or, use the Ctrl and Shift keys to select multiple devices, right-click, then select Delete Selected.
Step 8
Click Save to save your configuration, or click Cancel to discard it.
Organizing Rules in a NAT Policy
License: Any
The Edit page for the NAT policy lists static NAT rules and dynamic NAT rules separately. The system
sorts static rules alphabetically by name, and you cannot change the display order. You cannot create
static rules with identical matching values. The system inspects static translations for a match before it
inspects any dynamic translations.
Dynamic rules are processed in numerical order. The numeric position of each dynamic rule appears on
the left side of the page next to the rule. You can move or insert dynamic rules and otherwise change the
rule order. For example, if you move dynamic rule 10 under dynamic rule 3, rule 10 becomes rule 4 and
all subsequent numbers increment accordingly.
A dynamic rule’s position is important because the system compares packets to dynamic rules in the
rules' numeric order on the policy Edit page. When a packet meets all the conditions of a dynamic rule,
the system applies the conditions of that rule to the packet and ignores all subsequent rules for that
packet.
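The ordering behavior described above, modeled as an added Python example (not from the Cisco guide and not a FireSIGHT API): the Rule class, its source-network match condition, and the sample addresses are assumptions made for illustration. It reproduces the move of dynamic rule 10 under rule 3 and reports dynamic rules that an earlier, broader rule then shadows.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    source: str       # assumed match condition: original source network (CIDR)
    translated: str   # assumed translated source address

    def matches(self, src_ip):
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)

def move_under(dynamic, rule_no, target_no):
    """Move dynamic rule rule_no directly under rule target_no (1-based numbers)."""
    rules = list(dynamic)
    moved = rules.pop(rule_no - 1)
    # Once the rule is popped, rules that followed it sit one position higher.
    index = target_no if target_no < rule_no else target_no - 1
    rules.insert(index, moved)
    return rules

def evaluate(static, dynamic, src_ip):
    """First match wins: static translations first, then dynamic rules in numeric order."""
    for rule in static:
        if rule.matches(src_ip):
            return ("static", None, rule.name)
    for number, rule in enumerate(dynamic, start=1):
        if rule.matches(src_ip):
            return ("dynamic", number, rule.name)
    return None

def shadowed(dynamic):
    """List (number, name, shadowing_number) for dynamic rules an earlier rule fully covers."""
    found = []
    for i, rule in enumerate(dynamic):
        net = ipaddress.ip_network(rule.source)
        for j, earlier in enumerate(dynamic[:i]):
            if net.subnet_of(ipaddress.ip_network(earlier.source)):
                found.append((i + 1, rule.name, j + 1))
                break
    return found

# Constructed sample policy: nine narrow dynamic rules and one broad rule in position 10.
STATIC = [Rule("static-web", "10.1.9.9/32", "203.0.113.9")]
DYNAMIC = [Rule(f"dyn-{i}", f"10.1.{i}.0/24", f"198.51.100.{i}") for i in range(1, 10)]
DYNAMIC.append(Rule("dyn-broad", "10.1.0.0/16", "198.51.100.254"))
REORDERED = move_under(DYNAMIC, 10, 3)   # the page's example: rule 10 becomes rule 4

if __name__ == "__main__":
    print(evaluate(STATIC, DYNAMIC, "10.1.5.7"), evaluate(STATIC, REORDERED, "10.1.5.7"))
    print(shadowed(REORDERED))
```

Running a check like shadowed() against an exported rule list before applying a reordered policy shows which narrower translations would silently stop taking effect.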
Optionally, you can specify a dynamic rule’s numeric position when you add or edit a dynamic rule. You
can also highlight a dynamic rule before adding a new dynamic rule to insert the new rule below the rule
you highlighted. See
.
You can select one or more dynamic rules by clicking a blank space in the row for the rule. You can drag
and drop selected dynamic rules into a new location, thereby changing the position of the rules you
moved and all subsequent rules.
You can cut or copy selected rules and paste them above or below an existing rule. You can only paste
static rules in the Static Translations list and only dynamic rules in the Dynamic Translations list. You
can also delete selected rules and insert new rules into any location in the list of existing rules.