
DNAT Configuration

HAT
Level 1

Hi All,

I'm trying to set Destination NAT so that an outside source can send some logs to an inside log collector server via UDP. The translation device in this case is an FMC-managed FTD. Please find below the expected flow of the traffic:

Source IP address - Public (1.1.1.1) >>>> FTD device Outside - Public (2.2.2.2) >>>> FTD device Inside GW - Private (10.1.1.1) >>> Destination Server (10.1.1.2)

I have applied the following configuration on FMC but it does not seem to work.

1. DNAT Rule

NAT Rule : Manual ( NAT Rule Before )

Interface Objects:

Source Interface : FTD device Outside Public ( 2.2.2.2 )
Destination Interface : FTD device Inside GW Private ( 10.1.1.1 )

Translation :

- Original Packet

Original Source : 1.1.1.1
Original Destination : 2.2.2.2

- Translated Packet :

Translated Source : 2.2.2.2
Translated Destination : 10.1.1.2

2. Access Control Rule

Source Zone : Outside
Destination Zone : Inside
Source IP : 1.1.1.1
Destination IP : 10.1.1.2

Not sure where I'm going wrong here; any assistance will be appreciated.

Thanks
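
The flow and rules from the post above, modelled as an added example that is not part of the original thread and is not FTD code. The class and function names are hypothetical, UDP port 514 is a constructed value (the post gives no port), and the model assumes the access control rule is evaluated against real addresses, that is, the outside host's own address and the untranslated destination.

```python
# Added example: a small model of the manual (twice) NAT rule and the access
# control rule described in the post. Names are hypothetical, not FTD APIs.
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "udp"
    dport: int = 514  # constructed value; the post does not give a port

@dataclass(frozen=True)
class ManualNat:
    orig_src: str
    orig_dst: str
    xlate_src: str
    xlate_dst: str

    def matches(self, p):
        # Twice NAT matches on BOTH original source and original destination.
        return (ip_address(p.src) == ip_address(self.orig_src)
                and ip_address(p.dst) == ip_address(self.orig_dst))

@dataclass(frozen=True)
class AccessRule:
    src: str
    dst: str

def process_inbound(pkt, nat, rule):
    """Return (verdict, packet forwarded to the inside or None)."""
    if not nat.matches(pkt):
        return "no-nat-match", None
    # Assumption: the access rule is checked against real addresses, i.e. the
    # outside host's own address and the untranslated (real) destination.
    real = Packet(pkt.src, nat.xlate_dst, pkt.proto, pkt.dport)
    if (real.src, real.dst) != (rule.src, rule.dst):
        return "acl-drop", None
    # In this model, source translation is applied on the way to the inside.
    return "allow", Packet(nat.xlate_src, nat.xlate_dst, pkt.proto, pkt.dport)

# Values from the post.
NAT = ManualNat("1.1.1.1", "2.2.2.2", "2.2.2.2", "10.1.1.2")
ACL = AccessRule("1.1.1.1", "10.1.1.2")

if __name__ == "__main__":
    for p in (Packet("1.1.1.1", "2.2.2.2"), Packet("3.3.3.3", "2.2.2.2")):
        print(p, "->", process_inbound(p, NAT, ACL))
```

In this model the log collector at 10.1.1.2 sees the packet arriving from 2.2.2.2, and a sender other than 1.1.1.1 never matches the NAT rule at all.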

2 Replies

Hello
I have never used NAT on FTD; however, if you have a feature to disable proxy ARP, please do so and test again.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thank you for the feedback. I can't see that option; isn't this essentially just port forwarding?