Firepower 2110 NAT Policy Port Access List

thomas poeckl
Beginner

Hello;

We are running a Firepower 2110 and it works fine so far.

We have an official IP address with NAT to one of our private Exchange CAS servers.

I want only ports 80, 443 and 587 to be accessible from the Internet. What is the best way to restrict the access?

Can I translate only these specific ports?

Many Thanks, Thomas

 

1 Reply

Yes, it is possible. You have a public IP you want to NAT to a private IP (Exchange server) with specific ports; this is standard for most businesses to protect services.

I do not have any example document to provide you. This may not be 100% helpful, but it will give you an idea.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/Network_Address_Translation__NAT__for_Threat_Defense.html

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html


BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
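
The port-specific translation discussed in this thread, as an added example that is not part of the original posts: a Python check over a constructed running-config excerpt in ASA-style auto-NAT syntax, flagging static NAT rules that translate every port or publish ports other than 80, 443 and 587. The object names, addresses and interface names are assumptions.

```python
import re

ALLOWED = {80, 443, 587}                  # ports the question wants reachable
PORT_NAMES = {"www": 80, "https": 443}    # names the CLI may print instead of numbers

# Constructed samples (ASA-style auto-NAT syntax, documentation addresses).
BEFORE = """\
object network EXCH-CAS
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10
"""
AFTER = """\
object network EXCH-CAS-HTTP
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10 service tcp www www
object network EXCH-CAS-HTTPS
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10 service tcp https https
object network EXCH-CAS-SUBMISSION
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10 service tcp 587 587
"""

NAT_RE = re.compile(
    r"^\s*nat \(\S+,\S+\) static (\S+)(?: service (tcp|udp) (\S+) (\S+))?")

def to_port(token):
    """Return the numeric port for a CLI token, or None if it is unknown."""
    return int(token) if token.isdigit() else PORT_NAMES.get(token)

def audit(config, allowed=ALLOWED):
    """List static NAT rules that publish more than the allowed TCP ports."""
    findings, obj = [], None
    for line in config.splitlines():
        if line.startswith("object network "):
            obj = line.split()[2]
            continue
        m = NAT_RE.match(line)
        if not m:
            continue
        mapped_ip, proto, _real_port, mapped_port = m.groups()
        if proto is None:        # no service clause: every port is translated
            findings.append((obj, mapped_ip, "all ports translated"))
        elif proto != "tcp" or to_port(mapped_port) not in allowed:
            findings.append((obj, mapped_ip, f"unexpected {proto}/{mapped_port}"))
    return findings

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

A clean result covers the translation only; the access control policy still decides which of the translated ports are permitted from the Internet.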
