Port forward FMC

smartns04 · ‎05-12-2018

Hi all,

I have installed a HA pair of 5508 controlled by an The plan is to have a webserver behind the firewall and be accessible from the internet. As i am rathern new on FMC can anyone suggest a best practice guideline to create the appropriate port forwarding and policy for publishing ports 80 and 443 to the internet.

Thanks!

Dennis Mink · ‎05-12-2018

What you do is create a NAT rule for your public IP address to the internal IP address of the webserver on the ASA (can do a nat based on ports 80 and 443). then create and ACL to allow http/https to your internal webserver IP address from any on your FMC

Please remember to rate useful posts, by clicking on the stars below.

smartns04 · ‎05-12-2018

Hi Dennis,

Thanks for the reply,

Propably i didnt descibed correctly what i am looking for, i know what it should be done regarding port forward and policies. My question which propably is not stated clear enough at my first post, is that as there are many options in the NAT configuration if there is anything special i should have in mind when configuring the NAT. For example should i have the rule before or after the auto NAT rules.

Is there any configuration example that you can post?

Thanks again for you reply!

Mohammed al Baqari · ‎05-12-2018

Same as ASA. Create an ACP to allow ports from outside. Also, configure NAT
rules to publish them server(s) to outside (assuming you have the public
static IP)