Firepower 2110 NAT Policy Port Access List

thomas poeckl · ‎01-05-2021

Hello;

We are running a Firepower 2110 and it works fine so far.

We have an official IP Address with NAT to one of our private Exchange CAS Server.

I want that only the Port 80,443,587 are accessible from the Internet, what is the best way to restrict the access?

Can i translate only this specific Ports?

Many Thanks, Thomas

balaji.bandi · ‎01-05-2021

yes possible. you have Public IP you want to NAT with private IP(exchange server ) with specific ports this is standard most of the business to protect services.

i do not have any example document to provide you - may not be 100% help but give you idea

https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/Network_Address_Translation__NAT__for_Threat_Defense.html

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Firepower 2110 NAT Policy Port Access List

Interface の設定 (Access Policy)

Port-Security - Configuração Básica

Secure Access: How to

Secure Access: Roaming DeviceのLast Active PolicyがDefaultと表示される

IOS-XE/XE SD-WAN: NAT Interface Overload で Port 5152 を重複して使用する問題