Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 12 Using NAT Policies
Understanding NAT Rule Conditions and Condition Mechanics
License: Any
You can add conditions to NAT rules to identify the type of traffic that matches the rule. For each
condition type, you select conditions you want to add to a rule from a list of available conditions. When
applicable, condition filters allow you to constrain available conditions. Lists of available and selected
conditions may be as short as a single condition or many pages long. You can search available conditions
and display only those matching a typed name or value in a list that updates as you type.
Depending on the type of condition, lists of available conditions may consist of a combination of
conditions provided directly by Cisco or configured using other FireSIGHT System features, including
objects created using the object manager (Objects > Object Management), objects created directly from
individual conditions pages, and literal conditions.
See the following sections for information on specifying rule conditions:
• defines the different types of rule conditions.
• describes the controls used to select and add rule conditions.
• explains how to search available conditions and display only those matching a typed name or value in a list that updates as you type.
• explains how to add literal conditions to a rule.
• explains how to add individual objects to the system from the configuration pages for relevant condition types.
Understanding NAT Rule Conditions
License: Any
You can set a NAT rule to match traffic meeting any of the conditions described in the following table:
Table 12-8. Available NAT Rule Condition Types per NAT Rule Type

| Condition | Static | Dynamic (IP Only or IP + Port) |
|---|---|---|
| Source Zones | Optional | Optional |
| Destination Zones | Not allowed | Optional |
| Original Source Networks | Not allowed | Optional |
| Translated Source Networks | Not allowed | Required |
| Original Destination Networks | Required | Optional |
| Translated Destination Networks | Optional; single address only | Not allowed |
| Original Destination Ports | Optional; single port only, and only allowed if you define the original destination network | Optional |
| Translated Destination Ports | Optional; single port only, and only allowed if you define the original destination port | Not allowed |
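
The constraints in Table 12-8 can be checked mechanically, for example when reviewing a proposed NAT change before it is entered. The following is an added example, not code from the guide or from Cisco; the rule dictionary format, the key names, the treatment of ports as plain numbers, and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Table 12-8 as data: condition -> (static allowance, dynamic allowance).
TABLE_12_8 = {
    "source_zones":                    ("optional", "optional"),
    "destination_zones":               ("not allowed", "optional"),
    "original_source_networks":        ("not allowed", "optional"),
    "translated_source_networks":      ("not allowed", "required"),
    "original_destination_networks":   ("required", "optional"),
    "translated_destination_networks": ("optional", "not allowed"),
    "original_destination_ports":      ("optional", "optional"),
    "translated_destination_ports":    ("optional", "not allowed"),
}
# Static-only dependencies: a port condition needs the condition named beside it.
STATIC_PORT_DEPS = (("original_destination_ports", "original_destination_networks"),
                    ("translated_destination_ports", "original_destination_ports"))

def _single_address(value):
    """True for one host address such as 10.0.0.5, False for a block or bad input."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def validate_nat_rule(rule):
    """Return the Table 12-8 violations for a rule dict (hypothetical format)."""
    kind = rule["type"]                       # "static" or "dynamic"
    col = {"static": 0, "dynamic": 1}[kind]
    errors = []
    for cond, allowance in TABLE_12_8.items():
        values = rule.get(cond, [])
        if allowance[col] == "required" and not values:
            errors.append(f"{cond}: required for {kind} rules")
        if allowance[col] == "not allowed" and values:
            errors.append(f"{cond}: not allowed for {kind} rules")
    if kind == "static":
        tdn = rule.get("translated_destination_networks", [])
        if tdn and (len(tdn) != 1 or not _single_address(tdn[0])):
            errors.append("translated_destination_networks: single address only")
        for cond, needs in STATIC_PORT_DEPS:
            ports = rule.get(cond, [])
            if ports and (len(ports) != 1 or not str(ports[0]).isdigit()):
                errors.append(f"{cond}: single port only")
            if ports and not rule.get(needs):
                errors.append(f"{cond}: requires {needs}")
    return errors

# Constructed sample rules (not from the guide).
GOOD_STATIC = {"type": "static", "original_destination_networks": ["203.0.113.10"],
               "translated_destination_networks": ["10.0.0.5"],
               "original_destination_ports": [443], "translated_destination_ports": [8443]}
BAD_STATIC = {"type": "static", "original_source_networks": ["10.0.0.0/8"],
              "translated_destination_networks": ["10.0.0.0/24"],
              "translated_destination_ports": ["8000-8010"]}
```

Calling `validate_nat_rule(BAD_STATIC)` reports every violation at once, so a reviewer sees the disallowed source network, the missing original destination network, and the address and port problems together.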