FTD NAT Policy
Location in GUI: Devices » NAT
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policies (fmc.domains)
Section titled “policies (fmc.domains)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ftd_nat_policies | List | [ftd_nat_policies] | No |
ftd_nat_policies (fmc.domains.policies)
Section titled “ftd_nat_policies (fmc.domains.policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_ -]{1,64}$ | Yes | |
| description | String | max: 255 | No | |
| ftd_auto_nat_rules | List | [ftd_auto_nat_rules] | No | |
| ftd_manual_nat_rules | List | [ftd_manual_nat_rules] | No |
ftd_auto_nat_rules (fmc.domains.policies.ftd_nat_policies)
Section titled “ftd_auto_nat_rules (fmc.domains.policies.ftd_nat_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| nat_type | Choice | STATIC, DYNAMIC | Yes | |
| destination_interface | String | No | ||
| fall_through | Boolean | true, false | No | false |
| ipv6 | Boolean | true, false | No | false |
| net_to_net | Boolean | true, false | No | false |
| no_proxy_arp | Boolean | true, false | No | false |
| original_network | String | Yes | ||
| original_port | Integer | min: 1, max: 65535 | No | |
| perform_route_lookup | Boolean | true, false | No | false |
| protocol | Choice | TCP, UDP | No | |
| source_interface | String | No | ||
| translate_dns | Boolean | true, false | No | false |
| translated_network | String | No | ||
| translated_network_is_destination_interface | Boolean | true, false | No | true |
| translated_port | Integer | min: 1, max: 65535 | No |
ftd_manual_nat_rules (fmc.domains.policies.ftd_nat_policies)
Section titled “ftd_manual_nat_rules (fmc.domains.policies.ftd_nat_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| nat_type | Choice | STATIC, DYNAIMC | Yes | |
| section | Choice | after_auto, before_auto, AFTER_AUTO, BEFORE_AUTO | Yes | |
| description | String | max: 255 | No | |
| destination_interface | String | No | ||
| enabled | Boolean | true, false | No | true |
| fall_through | Boolean | true, false | No | false |
| interface_in_original_destination | Boolean | true, false | No | false |
| interface_in_translated_source | Boolean | true, false | No | true |
| ipv6 | Boolean | true, false | No | false |
| net_to_net | Boolean | true, false | No | false |
| no_proxy_arp | Boolean | true, false | No | false |
| original_destination | String | No | ||
| original_destination_port | String | No | ||
| original_source | String | No | ||
| original_source_port | String | No | ||
| route_lookup | Boolean | true, false | No | |
| source_interface | String | No | ||
| translate_dns | Boolean | true, false | No | false |
| translated_destination | String | No | ||
| translated_destination_port | String | No | ||
| translated_source | String | No | ||
| translated_source_port | String | No | ||
| unidirectional | Boolean | true, false | No | false |
Examples
Section titled “Examples”Prerequisites:
existing: fmc: domains: - name: Global objects: ports: - name: HTTPSfmc: domains: - name: Global objects: hosts: - name: MyHostName1 ip: 10.10.10.10 networks: - name: MyNetworkName1 prefix: 10.10.10.0/24 ports: - name: MyPortName1 port: 8080 protocol: TCP security_zones: - name: MySecurityZoneName1 - name: MySecurityZoneName2NAT Policy:
fmc: domains: - name: Global policies: ftd_nat_policies: - name: MyFTDNatPolicyName1 ftd_auto_nat_rules: - nat_type: DYNAMIC original_network: MyNetworkName1 translated_network_is_destination_interface: true source_interface: MySecurityZoneName1 destination_interface: MySecurityZoneName2 ftd_manual_nat_rules: - nat_type: STATIC section: BEFORE_AUTO original_source: MyHostName1 interface_in_translated_source: true source_interface: MySecurityZoneName2 destination_interface: MySecurityZoneName1 original_source_port: HTTPS translated_source_port: MyPortName1