Cisco Cisco FirePOWER Appliance 8130
FireSIGHT System User Guide
Chapter 12 Using NAT Policies
Understanding NAT Rule Conditions and Condition Mechanics
Adding Conditions to NAT Rules
License: Any
Adding conditions to NAT rules is essentially the same for each type of condition. You select from a list
of available conditions on the left, and add the selected conditions to one or two lists of selected
conditions on the right.
For all condition types, you select one or more individual available conditions by clicking on them to
highlight them. You can either click a button between the two types of lists to add available conditions
that you select to your lists of selected conditions, or drag and drop available conditions that you select
into the list of selected conditions.
You can add up to 50 conditions of each type to a list of selected conditions. For example, you can add
up to 50 source zone conditions, up to 50 destination zone conditions, up to 50 source network
conditions, and so on, until you reach the upper limit for the appliance.
The following table describes the actions you can take to select and add conditions to a rule.
Table 12-9 NAT Rule Condition Types

| Condition | Description | Supported Defense Centers | Supported Devices |
|---|---|---|---|
| Zones | A configuration of one or more routed interfaces where you can apply NAT policies. Zones provide a mechanism for classifying traffic on source and destination interfaces, and you can add source and destination zone conditions to rules. See for information on creating zones using the object manager. | Any | Series 3 |
| Networks | Any combination of individual IP addresses, CIDR blocks, and prefix lengths, either specified explicitly or using network objects and groups (see ). You can add source and destination network conditions to NAT rules. | Any | Series 3 |
| Destination Ports | Transport protocol ports, including individual and group port objects you create based on transport protocols. See for information on creating individual and group transport protocol objects using the object manager. | Any | Series 3 |
Table 12-10 Adding Conditions to NAT Rules

| To... | You can... |
|---|---|
| select available conditions to add to a list of selected conditions | click the available condition; use the Ctrl and Shift keys to select multiple conditions. |
| select all listed available conditions | right-click the row for any available condition, then click Select All. |
| search a list of available conditions or filters | click inside the Search field and type a search string. See for more information. |