cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Register for SecureX webinars to learn about our newest integrations and features.

1219
Views
0
Helpful
1
Replies
thomas poeckl
Beginner

Firepower 2110 NAT Policy Port Access List

Hello;

We are running a Firepower 2110 and it works fine so far.

We have an official IP Address with NAT to one of our private Exchange CAS Server.

I want that only the Port 80,443,587 are accessible from the Internet, what is the best way to restrict the access?

Can i translate only this specific Ports?

Many Thanks, Thomas

 

1 REPLY 1
balaji.bandi
VIP Guru

yes possible. you have Public IP you want to NAT with private IP(exchange server ) with specific ports this is standard most of the business to protect services.

 

i do not have any example document to provide you - may not be 100% help but give you idea

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/Network_Address_Translation__NAT__for_Threat_Defense.html

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Create
Recognize Your Peers
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards