I am new to Firepower. I have a couple 4150's in act/stby attached to an FMC. I am mimicking config from an old ASA box onto these 4150's manually, and it got me thinking about Firepower rules. In the ASA code, when you have a static NAT for a server to the internet (say for https), you used to have to make an ACL permit rule on the outside interface (inbound direction) destined to the original, un-natted IP. I am just wondering if Firepower does the same. Do you permit NAT rules from the outside zone to the server zone, from ANY to "original IP"? Or have they used the NAT'd IP now?