Skip to content
Network as Code

FTD NAT Policy

Location in GUI: Devices » NAT

Diagram

Section titled “Diagram”
Diagram

Classes

Section titled “Classes”

policies (fmc.domains)

Section titled “policies (fmc.domains)”
NameTypeConstraintMandatoryDefault Value
ftd_nat_policiesList[ftd_nat_policies]No

ftd_nat_policies (fmc.domains.policies)

Section titled “ftd_nat_policies (fmc.domains.policies)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_ -]{1,64}$Yes
descriptionStringmax: 255No
auto_nat_rulesList[auto_nat_rules]No
manual_nat_rulesList[manual_nat_rules]No

auto_nat_rules (fmc.domains.policies.ftd_nat_policies)

Section titled “auto_nat_rules (fmc.domains.policies.ftd_nat_policies)”
NameTypeConstraintMandatoryDefault Value
nat_typeChoiceSTATIC, DYNAMICYes
destination_interfaceStringNo
fall_throughBooleantrue, falseNofalse
ipv6Booleantrue, falseNofalse
net_to_netBooleantrue, falseNofalse
no_proxy_arpBooleantrue, falseNofalse
original_networkStringYes
original_portIntegermin: 1, max: 65535No
route_lookupBooleantrue, falseNofalse
protocolChoiceTCP, UDPNo
source_interfaceStringNo
translate_dnsBooleantrue, falseNofalse
translated_networkStringNo
translated_network_is_destination_interfaceBooleantrue, falseNotrue
translated_portIntegermin: 1, max: 65535No

manual_nat_rules (fmc.domains.policies.ftd_nat_policies)

Section titled “manual_nat_rules (fmc.domains.policies.ftd_nat_policies)”
NameTypeConstraintMandatoryDefault Value
nat_typeChoiceSTATIC, DYNAMICYes
sectionChoiceafter_auto, before_auto, AFTER_AUTO, BEFORE_AUTOYes
descriptionStringmax: 255No
destination_interfaceStringNo
enabledBooleantrue, falseNotrue
fall_throughBooleantrue, falseNofalse
interface_in_original_destinationBooleantrue, falseNofalse
interface_in_translated_sourceBooleantrue, falseNotrue
ipv6Booleantrue, falseNofalse
net_to_netBooleantrue, falseNofalse
no_proxy_arpBooleantrue, falseNofalse
original_destinationStringNo
original_destination_portStringNo
original_sourceStringNo
original_source_portStringNo
route_lookupBooleantrue, falseNofalse
source_interfaceStringNo
translate_dnsBooleantrue, falseNofalse
translated_destinationStringNo
translated_destination_portStringNo
translated_sourceStringNo
translated_source_portStringNo
unidirectionalBooleantrue, falseNofalse

Examples

Section titled “Examples”

Prerequisites:

existing:
  fmc:
    domains:
      - name: Global
        objects:
          ports:
            - name: HTTPS
fmc:
  domains:
    - name: Global
      objects:
        hosts:
          - name: MyHostName1
            ip: 10.10.10.1
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        ports:
          - name: MyPortName1
            port: 8080
            protocol: TCP
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2
            interface_type: ROUTED

NAT Policy:

fmc:
  domains:
    - name: Global
      policies:
        ftd_nat_policies:
          - name: MyFTDNatPolicyName1
            auto_nat_rules:
              - nat_type: DYNAMIC
                original_network: MyNetworkName1
                translated_network_is_destination_interface: true
                source_interface: MySecurityZoneName1
                destination_interface: MySecurityZoneName2
            manual_nat_rules:
              - nat_type: STATIC
                section: BEFORE_AUTO
                original_source: MyHostName1
                interface_in_translated_source: true
                source_interface: MySecurityZoneName2
                destination_interface: MySecurityZoneName1
                original_source_port: HTTPS
                translated_source_port: MyPortName1