04-17-2020 08:57 PM
Hello, I am new to the Firepower Threat Defense products. I am trying to set up an external NAT that will forward ports to my internal network. I have tested the NAT rules on high ports such as inside-x.x.x.x:8000 <--> outside-x.x.x.x:8000 and it seems to work. I stood up a Python web server listening on port 8000 and was able to connect to it from an external source. If I change the inside port number to 22, 443, or 80 and do the same NAT inside-x.x.x.x:22 <--> outside-x.x.x.x:8000 and change the access rule to allow those ports, it doesn't even see the port opened externally using Nmap. I have used different internal hosts for testing (Linux box, switch, router); both exhibit the same behavior. I am trying to find a good way to view the logs while I connect; the syslog data shows allow, but I am wondering if it's possibly Snort that is blocking the connection somehow. Any help would be appreciated.
I am using the following model with the listed code:
Model : Cisco Firepower 1010 Threat Defense (78) Version 6.6.0 (Build 90)
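An added example (not part of the original post) for the verification step the poster describes: instead of reading only Nmap's one-word state, a full TCP connect from the outside with a timeout distinguishes "open" (handshake completed through the NAT), "closed" (a RST came back, so the packet reached a host but nothing listens on the translated port) and "filtered" (no reply at all, which is what a dropped NAT/ACL/inspection verdict looks like). The external address, the port mappings and the local test listener below are constructed values, not taken from the thread.

```python
import socket


def classify_tcp_port(host, port, timeout=3.0):
    """Attempt a full TCP three-way handshake to host:port and classify the outcome.

    Returns:
      "open"     - connect() succeeded: forward and return path through the NAT work
      "closed"   - ConnectionRefusedError: a RST came back, so a host answered but
                   nothing listens on the port the NAT translated to
      "filtered" - no answer before the timeout: typical of a dropped packet
                   (NAT/ACL mismatch or an inspection verdict that silently discards)
      "error"    - anything else (no route, name resolution failure, ...)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:  # alias of TimeoutError on Python >= 3.10
        return "filtered"
    except OSError:
        return "error"
    finally:
        s.close()


def check_forwarding(external_host, mappings, timeout=3.0):
    """Probe each (external_port, internal_port) pair of a port-forward NAT.

    Returns {external_port: (internal_port, state)} so the result can be compared
    against what the NAT table says should be reachable.
    """
    results = {}
    for ext_port, int_port in mappings:
        state = classify_tcp_port(external_host, ext_port, timeout)
        results[ext_port] = (int_port, state)
    return results


def start_test_listener(port=0):
    """Bind a plain TCP listener on loopback (port 0 = ephemeral) so the classifier
    can be exercised offline. The kernel completes handshakes from the listen
    backlog, so no accept() loop is needed for connect() to succeed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Offline demonstration against a constructed loopback listener.
    srv, listening_port = start_test_listener()
    # Constructed mapping list: (port reachable from outside, port the NAT sends it to).
    mappings = [(listening_port, 8000), (listening_port + 1, 22)]
    for ext, (internal, state) in check_forwarding("127.0.0.1", mappings).items():
        print(f"external {ext} -> internal {internal}: {state}")
    srv.close()
```

Run it from a host outside the firewall against the real external address and NAT table; a "filtered" result while the syslog shows an allow verdict points at something dropping the flow after the ACL decision, whereas "closed" means the NAT delivered the packet to an internal host that is not listening on the translated port.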
04-18-2020 02:53 AM
04-18-2020 11:12 AM
Here are the NAT rules
The external nat for 7722 going to the internal port of 8023 works
Here are the ACLs
Here are the internal ports opened on the test box
PORT STATE SERVICE
8023/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
nmap x.x.x.x -p 22
Starting Nmap 7.50 ( https://nmap.org ) at 2020-04-18 10:51 MST
Host is up (0.75s latency).
PORT STATE SERVICE
22/tcp open ssh
When testing if ports are opened from the outside
04-25-2020 11:35 AM
Were you able to review the ACP?