FTD NAT Policy
Location in GUI:
Devices » NAT
Diagram
Classes
policies (fmc.domains)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ftd_nat_policies | List | [ftd_nat_policies] | No |
ftd_nat_policies (fmc.domains.policies)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_ -]{1,64}$ | Yes | |
| description | String | max: 255 | No | |
| ftd_auto_nat_rules | List | [ftd_auto_nat_rules] | No | |
| ftd_manual_nat_rules | List | [ftd_manual_nat_rules] | No |
ftd_auto_nat_rules (fmc.domains.policies.ftd_nat_policies)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| nat_type | Choice | STATIC, DYNAMIC | Yes | |
| destination_interface | String | No | ||
| fall_through | Boolean | true, false | No | false |
| ipv6 | Boolean | true, false | No | false |
| net_to_net | Boolean | true, false | No | false |
| no_proxy_arp | Boolean | true, false | No | false |
| original_network | String | Yes | ||
| original_port | Integer | min: 1, max: 65535 | No | |
| perform_route_lookup | Boolean | true, false | No | false |
| protocol | Choice | TCP, UDP | No | |
| source_interface | String | No | ||
| translate_dns | Boolean | true, false | No | false |
| translated_network | String | No | ||
| translated_network_is_destination_interface | Boolean | true, false | No | true |
| translated_port | Integer | min: 1, max: 65535 | No |
ftd_manual_nat_rules (fmc.domains.policies.ftd_nat_policies)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| nat_type | Choice | STATIC, DYNAIMC | Yes | |
| section | Choice | after_auto, before_auto, AFTER_AUTO, BEFORE_AUTO | Yes | |
| description | String | max: 255 | No | |
| destination_interface | String | No | ||
| enabled | Boolean | true, false | No | true |
| fall_through | Boolean | true, false | No | false |
| interface_in_original_destination | Boolean | true, false | No | false |
| interface_in_translated_source | Boolean | true, false | No | true |
| ipv6 | Boolean | true, false | No | false |
| net_to_net | Boolean | true, false | No | false |
| no_proxy_arp | Boolean | true, false | No | false |
| original_destination | String | No | ||
| original_destination_port | String | No | ||
| original_source | String | No | ||
| original_source_port | String | No | ||
| route_lookup | Boolean | true, false | No | |
| source_interface | String | No | ||
| translate_dns | Boolean | true, false | No | false |
| translated_destination | String | No | ||
| translated_destination_port | String | No | ||
| translated_source | String | No | ||
| translated_source_port | String | No | ||
| unidirectional | Boolean | true, false | No | false |
Examples
Prerequisites:
existing:
fmc:
domains:
- name: Global
objects:
ports:
- name: HTTPS
fmc:
domains:
- name: Global
objects:
hosts:
- name: MyHostName1
ip: 10.10.10.10
networks:
- name: MyNetworkName1
prefix: 10.10.10.0/24
ports:
- name: MyPortName1
port: 8080
protocol: TCP
security_zones:
- name: MySecurityZoneName1
- name: MySecurityZoneName2
NAT Policy:
fmc:
domains:
- name: Global
policies:
ftd_nat_policies:
- name: MyFTDNatPolicyName1
ftd_auto_nat_rules:
- nat_type: DYNAMIC
original_network: MyNetworkName1
translated_network_is_destination_interface: true
source_security_zone: MySecurityZoneName1
destination_security_zone: MySecurityZoneName2
ftd_manual_nat_rules:
- nat_type: STATIC
section: BEFORE_AUTO
original_source: MyHostName1
interface_in_translated_source: true
source_security_zone: MySecurityZoneName2
destination_security_zone: MySecurityZoneName1
original_source_port: HTTPS
translated_source_port: MyPortName1