topic Re: Inbound NAT on FDM help in Network Security

Inbound NAT on FDM help

Ash Roberts — Wed, 03 Dec 2025 18:39:14 GMT

Hi all we are trying to allow external access inbound to a SQL server on port 1433. Can't seem to get this to work and i think its clearly my understanding but the NAT rule is as follows:

Outside -> Inside
Original Packet:
Source <Public IP> Port 1433
destination <SQL Server Internal IP> port 1433

Translated Packet
Source <Public IP> port 1433
Destination <SQL Server Internal IP> port 1433

I then have an ACL to allow traffic through. this is not working. Examples of inbound seem limited but ones i am reading are saying NAT the inside to public IP first so it works in other direction also (bi-directional). Then control the flow with the ACL?

Any help or advice on theory would be great thank you.

Re: Inbound NAT on FDM help

Rob Ingram — Wed, 03 Dec 2025 18:47:18 GMT

@Ash Roberts the source and destination port of the original/translated packet won't both be tcp/1433. Have a look at the example at the "inbound access" section of this post. If you still have a problem, please run packet-tracer from the CLI and provide the output.

Re: Inbound NAT on FDM help

Ash Roberts — Wed, 03 Dec 2025 18:57:24 GMT

@Rob Ingram Thank you finally a decent example!

If i want to lock this down from a specific public IP do i do this part in the ACL and leave the NAT rule as per the example?

Thanks

Re: Inbound NAT on FDM help

Rob Ingram — Wed, 03 Dec 2025 19:00:06 GMT

@Ash Roberts yes, I would restrict the source in the Access Control (ACL) rule.