Have you confirmed that port forwarding on the Draytek is correct...and why are you doing NAT on both the Draytek and Firepower? NATing on both the Draytek and Firepower just adds extra complexity.  To verify the connectivity though the Firepower device, run packet-tracer and verify that traffic is NATed and allowed through the firewall if all is good there then focus your efforts on the Draytek device.

There is a NAT policy already on Draytek router which works without the firepower FTD, I have configured PPPOE on FP Interface with all the settings used in the Draytek but it doesn't seem to allow internet through hence why am using both.

On the Draytek device, is it NATing to the real IP of the server you are having issues with? Or to an intermediary IP which is then again NATed to the real IP of the server?

Also, source ports are usually random high ports so I suggest removing the source port from the access rules.

On the Draytek Port redirection is what is implemented, the source IP is the server's and dest IP is the the static from ISP. I have remove the ports from NAT in FP FTD and only use ACL to filter the destination ports

Thank you for your reply, I will implement this and get back to you. Also are other ACL correct or need changing?

Yes so static Nat from 192.168.20.x to 192.168.2.x shows and overlap to 192.168.2.x which is the outside, same with PPOE to outside hence the deployment failed.

If a post helped you reach your solution or it provided the solution please select it as a correct answer and / or rate the post.