Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1947
Views
0
Helpful
1
Replies

NAT for Facebook.com URL Access

Fantas
Level 1
Level 1

‎10-14-2019 01:26 PM - edited ‎02-21-2020 09:35 AM

Hi,

 

I need to allow internet access for internal client for facebook access and need to build NAT on FMC. I did many times source NAT for internet access on other firewalls but not sure nat. type on. FMC.

 

I can see client url traffic on fmc but there is no nat to go out. I can see option of dynamic and static nat on fmc. I dont wana do static nat as it allows traffic initiated from both directions and I dont wana allow from oputside to inside.

 

which nat type on fmc is best for this scenario so that client can access facebook.com

 

0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎10-14-2019 06:27 PM

Hi

When you add a nat rule, choose manual nat and then detect dynamic as type.
However you won't be able to do a nat just for a specific url.
I would suggest to have a role ACP to allow only the url you want and build your dynamic nat for the whole user subnet trying to access internet.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card