https://community.cisco.com/t5/network-security/intercept-and-redirect-traffic/m-p/3945206#M936197 <P>On a FMC/FTD environment, any ideas how to intercept and redirect NTP and/or DNS traffic from specific clients? There are a few appliances with hardcoded NTP/DNS entries, which I would totally prefer to use my internal systems to provide them access to these resources, instead of blocking them, or letting them go thru on their own. The catch is, I don't always know the destination IP address - particularly true for the pool of NTP servers.</P><P>&nbsp;</P><P>I know I can do a static NAT when I do know the destination address(es): have this working on a similar scenario, but with the randomness of the NTP pool of servers, this is pretty tricky...</P><P>&nbsp;</P><P>[Edit] Well, never mind: it seems I can add my very own "IPv4-Any" object instead of trying to use the system provided "any-ipv4", and that does the trick.</P><P>&nbsp;</P><P>Thanks!</P> Fri, 21 Feb 2020 17:36:59 GMT HQuest 2020-02-21T17:36:59Z https://community.cisco.com/t5/network-security/intercept-and-redirect-traffic/m-p/3945206#M936197 <P>On a FMC/FTD environment, any ideas how to intercept and redirect NTP and/or DNS traffic from specific clients? There are a few appliances with hardcoded NTP/DNS entries, which I would totally prefer to use my internal systems to provide them access to these resources, instead of blocking them, or letting them go thru on their own. The catch is, I don't always know the destination IP address - particularly true for the pool of NTP servers.</P><P>&nbsp;</P><P>I know I can do a static NAT when I do know the destination address(es): have this working on a similar scenario, but with the randomness of the NTP pool of servers, this is pretty tricky...</P><P>&nbsp;</P><P>[Edit] Well, never mind: it seems I can add my very own "IPv4-Any" object instead of trying to use the system provided "any-ipv4", and that does the trick.</P><P>&nbsp;</P><P>Thanks!</P> Fri, 21 Feb 2020 17:36:59 GMT https://community.cisco.com/t5/network-security/intercept-and-redirect-traffic/m-p/3945206#M936197 HQuest 2020-02-21T17:36:59Z https://community.cisco.com/t5/network-security/intercept-and-redirect-traffic/m-p/4860621#M1101884 <P>I know this thread is rather old, but I'm looking for a solution to external hardcoded ntp or dns on certain devices and would like to use the firewall to intercept these requests from certain vrf's and redirect to internal ntp servers.&nbsp; It appears that you determined a solution, but didn't post the details.&nbsp; Can you elaborate?&nbsp; Many Thanks!</P> Thu, 22 Jun 2023 12:23:32 GMT https://community.cisco.com/t5/network-security/intercept-and-redirect-traffic/m-p/4860621#M1101884 wherewolf 2023-06-22T12:23:32Z