12-09-2024 12:18 PM - last edited on 12-09-2024 12:36 PM by shule
Hi All,
I'm trying to set up Destination NAT so that an outside source can send some logs to an inside log collector server via UDP. The translation device in this case is an FMC-managed FTD. Please find below the expected flow of the traffic:
Source IP address - Public (1.1.1.1) >>>> FTD device Outside - Public (2.2.2.2) >>>> FTD device Inside GW - Private (10.1.1.1) >>> Destination Server (10.1.1.2)
I have applied the following configuration on FMC, but it does not seem to work.
1. DNAT Rule
NAT Rule: Manual (NAT Rule Before)
Interface Objects:
Source Interface: FTD device Outside Public (2.2.2.2)
Destination Interface: FTD device Inside GW Private (10.1.1.1)
Translation:
- Original Packet:
Original Source: 1.1.1.1
Original Destination: 2.2.2.2
- Translated Packet:
Translated Source: 2.2.2.2
Translated Destination: 10.1.1.2
2. Access Control Rule
Source Zone: Outside
Destination Zone: Inside
Source IP: 1.1.1.1
Destination IP: 10.1.1.2
Not sure where I'm going wrong here; any assistance will be appreciated.
Thanks
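For reference, the same rule written in the FTD/ASA CLI form that FMC deploys, with the packet-tracer check that shows which NAT rule and access rule an inbound UDP packet actually hits. This is an added example, not configuration from the poster or from Cisco; the object names, the interface names outside/inside and the <log-port> placeholder are assumptions.

```cisco
! Network objects (names assumed; FMC generates its own on deploy)
object network obj-1.1.1.1
 host 1.1.1.1
object network obj-2.2.2.2
 host 2.2.2.2
object network obj-10.1.1.2
 host 10.1.1.2
!
! Use only ONE of the two nat lines below.
!
! (a) Manual (twice) NAT exactly as posted: the source is rewritten to
!     2.2.2.2 as well, so the collector records every packet as coming
!     from the FTD outside address instead of from 1.1.1.1
nat (outside,inside) source static obj-1.1.1.1 obj-2.2.2.2 destination static obj-2.2.2.2 obj-10.1.1.2
!
! (b) Usual inbound port-forward form: identity-translate the source so the
!     collector still sees the real sender, and rewrite only the destination
nat (outside,inside) source static obj-1.1.1.1 obj-1.1.1.1 destination static obj-2.2.2.2 obj-10.1.1.2
!
! Verification from the FTD diagnostic CLI (system support diagnostic-cli):
! the NAT phase names the rule matched and the ACCESS-LIST phase shows the
! access control rule hit; replace <log-port> with the collector's UDP port
packet-tracer input outside udp 1.1.1.1 40000 2.2.2.2 <log-port> detailed
show nat detail
show xlate
```

If packet-tracer shows the packet dropped in the ACCESS-LIST phase, check that the access control rule references the real (post-NAT) address 10.1.1.2, as the posted rule does; if it is dropped earlier, the NAT rule is not matching.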
12-09-2024 11:12 PM
I don't think you can do that; the traffic is not allowed to pass from OUT to IN and then to the server connected to IN.
Instead, make the FTD use IN to send the logs to the server.
MHM
12-10-2024 07:11 AM
Good morning, and thank you for your reply. I'm not sure I follow; this is essentially some kind of port forwarding. Are you saying that this configuration can't achieve that?
I can see some hits on the access control policy, though.