NAT to different internal IPs on same external IP/Port
I'm currently migrating to FTD from WatchGuard for a customer.
The customer currently has port 80 open on a public IP which NATs to 2 different internal hosts as below: 1. If the connection comes in from a set of IPs (object) from a card vendor, the traffic is natted through to a web server
2. If the connection comes from anywhere else (any), they get sent to a seperate internal server
This goes against my understanding of NAT - is it possible to achieve this on FMC/FTD?
Re: NAT to different internal IPs on same external IP/Port
You can use static nat where your 1st rule will use your specific sources with your natted IP forwarded to your real IP. Then your 2nd rule will use any as source and being forwarded to another server.
I don't have any LAB FMC right now to do some screenshots but if you go into static nat creation process and specify source and destination as quickly explained previously, you'll find the way to achieve what you want to do.
Thanks Francesco PS: Please don't forget to rate and select as validated answer if this answered your question
Inviting all Security & Networking professionals! We want you to tell us what devices you use to do your work and its screen resolution. Your response will help us improve network and security management tools.
Click here to take the 5-minute s...
This guide is intended to show some nifty and powerful use cases that a lot of customers either want or don’t know they want. There are tons of other content out there for specific knobs or capabilities, but this is looking to be a more complete...
Since ASDM 7.12(2) I am no longer able to run ASDM on CentOS 7 using javaws. It appears to launch and dies. However, I am now running ASDM directly in java and it works fine.First attempt "javaws https://<ip of firewall>/admin/public/asd...
User Experience Enhancements
Expansion of Activity Descriptions
Activity Descriptions provide more context and help with understanding and security implications of suspicious Activities. With this update, we are expanding the coverage to a vast majority o...