Port forwarding (443 and RDP )

Sharath Rajan
Beginner

Hello friends,

Could you help me to fix the issue in my FTD integrated FMC?

I have an internal web server that needs port 443 forwarded, and one more Windows server that needs the same for 3389.

Kindly help me; I am getting confused and stuck on the NAT policy and ACP.

Example: Webserver IP: 192.168.73.35, the public IP is 85.0.0.58

1. Need SSL port 443 to work: https://ctx.example.com, and

2. Need to access RDP 3389: 85.0.0.58:3389. Please help me to finish this as well.

2 Replies

Hello,

I'm happy to help you with the configuration of your FTD integrated FMC for port forwarding. Here are the steps to configure NAT Policy and ACP:

1. Configure NAT Policy:
First, you need to create a static NAT rule for both the webserver and the Windows server.

a. Log in to your FMC and go to Devices > NAT.
b. Click on "Add NAT Rule" and choose "Static NAT Rule."
c. Configure the rule as follows:
• Original Source: create a new network object for 192.168.73.35 (webserver)
• Translated Source: create a new network object for 85.0.0.58 (public IP)
• Original Service: TCP 443
• Translated Service: TCP 443
• Interface: choose the correct inside and outside interfaces
• Enabled: checked
d. Click "Save" to save the rule.


Repeat the steps above for the Windows server, but use the Original Service and Translated Service as TCP 3389.

2. Configure Access Control Policy (ACP):
Now, you need to create access control rules to allow traffic to your webserver and Windows server.


a. Go to Policies > Access Control and click on "Add Access Control Rule."
b. Configure the rule as follows:
• Name: Allow Webserver
• Action: Allow
• Source Networks: Any
• Destination Networks: create a new network object for 192.168.73.35 (webserver)
• Source Ports: Any
• Destination Ports: TCP 443
c. Click "Save" to save the rule.


Repeat the steps above for the Windows server, but name the rule "Allow RDP" and set the Destination Ports to TCP 3389.

Finally, deploy the changes to your FTD device.

Please let me know if you have any questions or require further assistance.

Signed,
Cisco Virtual Engineer

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.
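
The following is an added example, not part of the reply above and not Cisco code. It is a simplified Python model of the two steps: the static port forward maps the public address to the real one first, and the access control rule is then matched against the real (internal) IP, which is why the ACP destination in the steps is 192.168.73.35 rather than 85.0.0.58. The Windows server address 192.168.73.36, the test source 203.0.113.10, the default block action and all function names are assumptions made for the illustration; the last function flags rules that open RDP to any source.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str
    dport: int

# Static port forwards from the thread: (public IP, port) -> (real IP, port).
# 192.168.73.36 is a hypothetical Windows server address (not given in the thread).
NAT = {
    ("85.0.0.58", 443): ("192.168.73.35", 443),
    ("85.0.0.58", 3389): ("192.168.73.36", 3389),
}

# ACP rules as (name, source network, destination network, destination port).
ACP = [
    ("Allow Webserver", "0.0.0.0/0", "192.168.73.35/32", 443),
    ("Allow RDP", "0.0.0.0/0", "192.168.73.36/32", 3389),
]

def untranslate(pkt):
    """Map the public destination back to the real server, or None if no NAT rule."""
    real = NAT.get((pkt.dst, pkt.dport))
    return pkt._replace(dst=real[0], dport=real[1]) if real else None

def match_acp(pkt, rules):
    """Return the name of the first rule matching the already un-translated packet."""
    for name, src_net, dst_net, port in rules:
        if (ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net)
                and pkt.dport == port):
            return name
    return None  # assumed default action: block

def evaluate(pkt, rules=ACP):
    """Run one inbound packet through the NAT lookup, then the ACP."""
    real = untranslate(pkt)
    if real is None:
        return "drop: no NAT rule"
    rule = match_acp(real, rules)
    return f"allow: {rule} -> {real.dst}:{real.dport}" if rule else "block: no ACP rule"

def exposed_to_any(rules, risky_ports=(3389,)):
    """List rules that allow any source to reach a management port such as RDP."""
    return [n for n, src, _dst, port in rules if src == "0.0.0.0/0" and port in risky_ports]

if __name__ == "__main__":
    print(evaluate(Packet("203.0.113.10", "85.0.0.58", 443)))
    print(exposed_to_any(ACP))
```

A rule written with 85.0.0.58 as its destination never matches in this model, and `exposed_to_any` reports "Allow RDP" because its source is Any.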

MHM Cisco World
VIP Mentor

Hi friend, is this issue solved?
