Skip to content
Network as Code

FTD NAT Policy

Location in GUI: Devices » NAT

Diagram

Diagram

Classes

policies (fmc.domains)

NameTypeConstraintMandatoryDefault Value
ftd_nat_policiesList[ftd_nat_policies]No

ftd_nat_policies (fmc.domains.policies)

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_ -]{1,64}$Yes
descriptionStringmax: 255No
ftd_auto_nat_rulesList[ftd_auto_nat_rules]No
ftd_manual_nat_rulesList[ftd_manual_nat_rules]No

ftd_auto_nat_rules (fmc.domains.policies.ftd_nat_policies)

NameTypeConstraintMandatoryDefault Value
nat_typeChoiceSTATIC, DYNAMICYes
destination_interfaceStringNo
fall_throughBooleantrue, falseNofalse
ipv6Booleantrue, falseNofalse
net_to_netBooleantrue, falseNofalse
no_proxy_arpBooleantrue, falseNofalse
original_networkStringYes
original_portIntegermin: 1, max: 65535No
perform_route_lookupBooleantrue, falseNofalse
protocolChoiceTCP, UDPNo
source_interfaceStringNo
translate_dnsBooleantrue, falseNofalse
translated_networkStringNo
translated_network_is_destination_interfaceBooleantrue, falseNotrue
translated_portIntegermin: 1, max: 65535No

ftd_manual_nat_rules (fmc.domains.policies.ftd_nat_policies)

NameTypeConstraintMandatoryDefault Value
nat_typeChoiceSTATIC, DYNAIMCYes
sectionChoiceafter_auto, before_auto, AFTER_AUTO, BEFORE_AUTOYes
descriptionStringmax: 255No
destination_interfaceStringNo
enabledBooleantrue, falseNotrue
fall_throughBooleantrue, falseNofalse
interface_in_original_destinationBooleantrue, falseNofalse
interface_in_translated_sourceBooleantrue, falseNotrue
ipv6Booleantrue, falseNofalse
net_to_netBooleantrue, falseNofalse
no_proxy_arpBooleantrue, falseNofalse
original_destinationStringNo
original_destination_portStringNo
original_sourceStringNo
original_source_portStringNo
route_lookupBooleantrue, falseNo
source_interfaceStringNo
translate_dnsBooleantrue, falseNofalse
translated_destinationStringNo
translated_destination_portStringNo
translated_sourceStringNo
translated_source_portStringNo
unidirectionalBooleantrue, falseNofalse

Examples

Prerequisites:

existing:
  fmc:
    domains:
      - name: Global
        objects:
          ports:
            - name: HTTPS
fmc:
  domains:
    - name: Global
      objects:
        hosts:
          - name: MyHostName1
            ip: 10.10.10.10
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        ports:
          - name: MyPortName1
            port: 8080
            protocol: TCP
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2

NAT Policy:

fmc:
  domains:
    - name: Global
      policies:
        ftd_nat_policies:
          - name: MyFTDNatPolicyName1
            ftd_auto_nat_rules:
              - nat_type: DYNAMIC
                original_network: MyNetworkName1
                translated_network_is_destination_interface: true
                source_interface: MySecurityZoneName1
                destination_interface: MySecurityZoneName2
            ftd_manual_nat_rules:
              - nat_type: STATIC
                section: BEFORE_AUTO
                original_source: MyHostName1
                interface_in_translated_source: true
                source_interface: MySecurityZoneName2
                destination_interface: MySecurityZoneName1
                original_source_port: HTTPS
                translated_source_port: MyPortName1